Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade htmlhint from 0.10.3 to 0.13.1 #39

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade htmlhint from 0.10.3 to 0.13.1 #39

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: htmlhint The new version differs by 69 commits.
  • c4a7de4 chore(release): 0.13.1 [skip ci]
  • c75cd80 ci: cleanup
  • 4e4e07b test: check line by line (#435)
  • dcd0a48 chore: update nyc ts (#434)
  • 562135c Merge branch 'develop' of https://github.com/htmlhint/HTMLHint into beta
  • 78fa94b chore: add coverage codecov (#387)
  • e28e312 chore(release): 0.13.1-beta.2 [skip ci]
  • 7e8429d fix: remove unused dependency esm (#430)
  • 526c1e3 Merge branch 'develop' into beta
  • aa5d81e chore(deps-dev): bump rollup-plugin-terser from 5.3.0 to 6.1.0 (#417)
  • a752328 chore(deps-dev): bump @ rollup/plugin-commonjs from 11.1.0 to 12.0.0 (#418)
  • 0485ac5 chore(deps-dev): bump @ rollup/plugin-node-resolve from 7.1.3 to 8.0.0 (#414)
  • 5096c1d chore(deps-dev): bump rollup from 2.10.3 to 2.12.0 (#429)
  • 000ef48 chore(deps-dev): bump lint-staged from 10.2.2 to 10.2.7 (#426)
  • 963b823 chore(deps-dev): bump mocha from 7.1.2 to 7.2.0 (#416)
  • 9af5937 refactor: simplify build and rename bin to cli (#428)
  • f92b167 Merge branch 'develop' into beta
  • 1de6ff7 chore(deps-dev): bump semantic-release from 17.0.7 to 17.0.8 (#419)
  • 14c9e79 chore(deps-dev): bump @ semantic-release/github from 7.0.6 to 7.0.7 (#415)
  • 36ab078 chore(deps-dev): bump eslint from 7.0.0 to 7.1.0 (#422)
  • cfa4918 chore: ignore formatting of CHANGELOG.md
  • 0637fad refactor: migrate to TypeScript (runtime code changes) (#423)
  • 135c9ba chore(release): 0.13.1-beta.1 [skip ci]
  • d08ec47 Merge branch 'develop' into beta

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@coliff coliff self-requested a review June 19, 2021 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coliff coliff coliff approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@snyk-bot @coliff