This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.
Vulnerabilities that will be fixed
With an upgrade:
| Severity |
Priority Score (*) |
Issue |
Breaking Change |
Exploit Maturity |
| high severity |
661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116 |
Yes |
No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: js-beautify
The new version differs by 250 commits.
- 340b577 Release: 1.14.10
- 13bb155 Merge remote-tracking branch 'origin/staging/main' into staging/release
- 4944f58 Bump version numbers for 1.14.10
- 5a27c90 Update Changelog
- a6698f0 Update milestone-publish.yml
- 425755f Merge pull request #2195 from sobolevn/patch-1
- 99347ac Merge pull request #2209 from likendev/fix/sri-hash-update
- 8feaca4 fix: replace dracula to darcula
- 9d638cb fix: updated SRI hash to sha512
- cb270b3 fix: update SRI verification hash
- 8314a12 Merge pull request #2203 from beautify-web/dependabot/npm_and_yarn/webpack-5.89.0
- 48c8ef4 Merge pull request #2206 from beautify-web/dependabot/github_actions/actions/setup-node-4
- f176cec Bump actions/setup-node from 3 to 4
- 5674bd8 Bump webpack from 5.88.2 to 5.89.0
- a101b70 Merge pull request #2200 from beautify-web/dependabot/npm_and_yarn/glob-10.3.10
- d5c8e9c Bump glob from 10.3.4 to 10.3.10
- 33d9bf2 Use raw strings to define a regex in `packer.py`
- 6cf6782 Merge pull request #2192 from beautify-web/dependabot/github_actions/actions/checkout-4
- cb535de Merge pull request #2191 from beautify-web/dependabot/npm_and_yarn/glob-10.3.4
- 97436d8 Bump actions/checkout from 3 to 4
- aac9c87 Bump glob from 10.3.3 to 10.3.4
- 5039472 Merge pull request #2157 from beautify-web/issue/2152-python-test
- 4925cbc Merge pull request #2116 from mhnaeem/json-invalid-wrap-with-line-length-and-signed-number
- 3b5f18a Turn python CSS tests back on
See the full diff
Package name: linkinator
The new version differs by 98 commits.
See the full diff
Package name: node-sass
The new version differs by 47 commits.
- 3b556c1 7.0.2
- c716359 Bump sass-graph@^4.0.1 (#3292)
- 24741b3 docs(readme): fix docpad plugin link
- 1523330 feat: Drop Node 12
- 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
- 1456114 build(deps): bump actions/upload-artifact from 2 to 3
- b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
- e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
- 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
- 29e2344 build(deps): bump actions/checkout from 2 to 3
- 85b0d22 build(deps): bump actions/setup-node from 2 to 3
- 3bb51da Use make-fetch-happen instead of request (#3193)
- adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
- 77d12f0 chore: disable Apline for Node 16/17 builds
- 308d533 ci: use Python 3 for Node 12
- c818907 ci: unpin actions/setup-node to v2
- 99242d7 7.0.1
- 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
- c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
- 918dcb3 Lint fix
- 0a21792 Set rejectUnauthorized to true by default (#3149)
- e80d4af chore: Drop EOL Node 15 (#3122)
- d753397 feat: Add Node 17 support (#3195)
- dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
See the full diff
Package name: rimraf
The new version differs by 40 commits.
- 3b6b098 4.0.0
- e0cffea ci: reduce workload even more
- 0e6646d ci: remove unnecessary lint filter
- 546e017 update action versions
- 6d88a65 tone down benchmark intensity
- 842a8d2 fix benchmark workflow yaml
- 1b91697 chore: add copyright year to license
- 08bbb06 rewrite in TS, export hybrid, update changelog, docs
- 1b3f46e drop support for node versions below 14
- 2e1f003 gh actions workflow for benchmarks
- 52f9370 tests for retry-busy behavior
- 188e3ed don't test on very old node versions
- d1d5495 test for fix-eperm
- e7501cd prettier formatting
- 40f64ec windows: only fall back to move-remove when absolutely necessary
- b6f7819 update tap
- 99496cd test: run posix test on windows, why not?
- 51d43c1 benchmarks
- 6b8aa29 doc: correct os.tmp default
- 4b228c9 do not ever actually try to rmdir /
- 2442655 consolidate all the spellings of 'opt' into one
- d4eec2e add cli script
- 0c82d74 accept strings, arrays of strings, and no other types
- ad4f2db Do not rimraf /, override with preserveRoot:false
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-INFLIGHT-6095116
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: js-beautify
The new version differs by 250 commits.See the full diff
Package name: linkinator
The new version differs by 98 commits.See the full diff
Package name: node-sass
The new version differs by 47 commits.See the full diff
Package name: rimraf
The new version differs by 40 commits.See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.