[Snyk] Fix for 4 vulnerabilities #187

baby636 · 2023-11-28T03:03:50Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- src/lib/bootstrap-sass/package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mincer

The new version differs by 32 commits.

72e8da5 1.4.0 released
f93bb8b Added manifest example test, [Snyk] Security upgrade crypto-js from 3.3.0 to 4.2.0 #183
9f977ae Turn on compression modules in example test
358fcd4 Added example server simple test, [Snyk] Security upgrade crypto-js from 3.3.0 to 4.2.0 #183
d333d83 Added stylus sourcemaps support, closes [Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #170
d10c1b6 LESS 2.x sourcemap fix, closes [Snyk] Fix for 44 vulnerabilities #189
c8c4a89 coding style cleanup
a47b3ed `source-map` version bump
9775a9e Fixed csswring sourcemap generation
e55117b Dropped CSSWring legacy API support
fd5d465 Dropped Autoprefixer legacy API support
32ef6e6 lodash & argparse versions bump
f11435e configs update
6473023 fs-tools -> mkdirp
24ee375 Docs update
d6ee320 Merge pull request [Snyk] Security upgrade jsrsasign from 8.0.24 to 11.0.0 #211 from codynguyen/update-autoprefixer
6f9b930 [Snyk] Security upgrade axios from 0.17.1 to 1.6.4 #210 change autoprefixer-core back to autoprefixer
c2c3434 Fix API docs. Resolves [Snyk] Fix for 1 vulnerabilities #203. Thanks @ ricardograca.
3d1f9aa 1.3.1 released
5b1ccc5 Merge pull request [Snyk] Security upgrade jasmine-node from 1.11.0 to 3.0.0 #208 from inukshuk/sass-sourcemaps
8b30681 Add Sass SourceMap support
3fd64c8 Merge pull request [Snyk] Fix for 3 vulnerabilities #207 from inukshuk/sass-configuration
21587bc Make SassEngine configurable
62e82dd Merge pull request [Snyk] Fix for 1 vulnerabilities #205 from inukshuk/patch-1

Package name: node-sass

The new version differs by 250 commits.

d707218 Bump v3.5.1 because npm
a15f54c Merge pull request #1452 from saper/fix-build
4f420a5 Use "double quotes" around the binding file name
99ea434 Actually check if the binary exists.
1e4bba8 v3.5.0: Filter branch for appveyor
8e09b74 Merge pull request #1450 from xzyfer/feat/release/3.5.0
6519cdf v3.5.0
ef7a272 Merge pull request #1449 from xzyfer/feat/binary-error
211f312 Log the error when there is a problem with the binary
ec48be4 Bump LibSass 3.3.5
5df330d Bump LibSass 3.3.5
9c6933f Merge pull request #1435 from xzyfer/fix/binary-verification
0fa5e5e Fix a regression in binary verification
7c24716 Merge pull request #1430 from xzyfer/feat/process-sass-deprecation-warning
adb6166 Ouptut a deprecation warning to stdout when using process.sass
d76923b Merge pull request #1428 from xzyfer/feat/better-binary-error-messages
cf87e0b Better error messages for missing binaries
41db8b9 Merge pull request #1427 from xzyfer/feat/remove-process-sass
90b6939 Polyfill process.sass
22c560c Remove use of global process.sass
b0df78d Merge pull request #1424 from xzyfer/feat/importer-docs-return-null
02eee94 Update custom importer documentation to advocate returning `null`
09bf80c Merge pull request #1390 from eoneill/customFunctionsContext
5b2862e Merge pull request #1423 from xzyfer/feat/dont-ignore-vendor-folder