Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade svelte-preprocess from 4.10.7 to 5.0.2 #64

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade svelte-preprocess from 4.10.7 to 5.0.2 #64

wants to merge 1 commit into from

Conversation

ViorelMocanu
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: svelte-preprocess The new version differs by 40 commits.
  • fdb8a90 chore(release): 5.0.2
  • 731516d fix: remove deprecated package @ types/sass (#583)
  • adb87b9 fix: add support for TypeScript 5 (#585)
  • 1097b79 docs: update issue link
  • 7428ee6 chore(release): 5.0.1
  • 278de4f chore: update sorcery (#571)
  • fdbbbb9 docs: Update documentation about Sass options
  • 4218419 docs: fix changelog
  • 83ee372 chore(release): 5.0.0
  • 537b975 chore(release): 5.0.0-alpha.1
  • f0382b6 docs: fix changelog
  • 2c0bd45 fix: map .sss as .css to support sugarss extension
  • 3f2687b fix: 🐛 add sugarss v3 and v4 as supported
  • 8ca4890 chore(release): 5.0.0-alpha.0
  • 3d60856 fix: 🐛 remove support for custom default languages
  • 2806ada feat: 🎸 bump minimum node version to 14
  • c98b3e9 chore: rename coffeescript to coffee in test
  • 3f01e23 test: fix scss dependencies test
  • 07bc8aa fix: 🐛 remove support for 'type' attribute
  • 9f4c29f chore: remove unused method
  • 240a588 docs: tell, that we use legacy api (#453)
  • a88a45c chore: update linter and formatter
  • 06fd5b9 chore: use sass types for legacy render API. Support sync version only
  • 1cb01f0 chore: fix type after svelte upgrade

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ViorelMocanu @snyk-bot