Skip to content

[Snyk] Security upgrade grunt from 1.3.0 to 1.5.0#417

Open
SensitiveMix wants to merge 1 commit into
masterfrom
snyk-fix-a41328a8dc15469323df9e24e0096097
Open

[Snyk] Security upgrade grunt from 1.3.0 to 1.5.0#417
SensitiveMix wants to merge 1 commit into
masterfrom
snyk-fix-a41328a8dc15469323df9e24e0096097

Conversation

@SensitiveMix

@SensitiveMix SensitiveMix commented Apr 14, 2022

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • public/ueditor/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 708/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.3		 Directory Traversal
SNYK-JS-GRUNT-2635969		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt The new version differs by 23 commits.
  • a7ab0a8 1.5.0
  • b2b2c2b Updated changelog
  • 3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
  • 47d32de Update testing matrix
  • 2e9161c More updates
  • 04b960e Remove console log
  • aad3d45 Update dependencies, tests...
  • fdc7056 Merge pull request #1736 from justlep/main
  • e35fe54 support .cjs extension
  • ee722d1 1.4.1
  • e7625e5 Update Changelog
  • 5d67e34 Merge pull request #1731 from gruntjs/update-options
  • d13bf88 Fix ci install
  • 08896ae Switch to Actions
  • eee0673 Update grunt-known-options
  • 1b6e288 Add note about a breaking change
  • ffa6775 1.4.0
  • 63b2e89 Merge pull request #1728 from gruntjs/update-deps-changelog
  • 106ed17 Update changelog and util dep
  • 49de70b Merge pull request #1727 from gruntjs/update-deps-apr
  • 47cf8b6 Update CLI and nodeunit
  • e86db1c Merge pull request #1722 from gruntjs/update-through
  • 4952368 Update deps

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SensitiveMix @snyk-bot