Skip to content

[Snyk] Security upgrade gh-pages from 2.1.1 to 3.2.1#4

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-399ad3925d1c49a36c41b20283961f82
Open

[Snyk] Security upgrade gh-pages from 2.1.1 to 3.2.1#4
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-399ad3925d1c49a36c41b20283961f82

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Jun 15, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gh-pages The new version differs by 73 commits.
  • fb29abb 3.2.1
  • 6f02e77 Log changes
  • a4c9eee Merge pull request #393 from AviVahl/filenamify2-audit-fix
  • d49620e security(deps): bump filenamify-url to 2.1.1
  • fb4c9f1 3.2.0
  • 730af73 Log changes
  • a018db8 Merge pull request #391 from tschaub/updates
  • 09877a5 Run tests on Node 16
  • 573a224 Update dev dependencies
  • 0adc373 Merge pull request #375 from demee/patch-1
  • db0b483 Update readme.md
  • fce5177 Merge pull request #390 from cizordj/patch-1
  • 5e7ad56 Merge pull request #388 from tschaub/dependabot/npm_and_yarn/hosted-git-info-2.8.9
  • 7570da1 Fix little typo in the README
  • 665b1f5 Merge branch 'main' into patch-1
  • 166a609 Bump hosted-git-info from 2.8.8 to 2.8.9
  • 30c90b4 Merge pull request #387 from tschaub/dependabot/npm_and_yarn/y18n-4.0.3
  • b69b4d3 Merge pull request #378 from mickelsonmichael/main
  • 253fb9a Bump y18n from 4.0.0 to 4.0.3
  • a92726a Merge pull request #386 from tschaub/dependabot/npm_and_yarn/lodash-4.17.21
  • 7b8cdbb Bump lodash from 4.17.14 to 4.17.21
  • 18d152b Merge pull request [Snyk] Upgrade axios from 0.19.0 to 0.21.1 #1 from mickelsonmichael/mickelsonmichael/main
  • b089ca8 Add named script example for GitHub Actions
  • 057903e Add GITHUB_REPOSITORY env to GitHub Action tip

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot