Skip to content

[Snyk] Security upgrade svelte-preprocess from 4.10.7 to 5.0.2#64

Open
ViorelMocanu wants to merge 1 commit intomainfrom
snyk-fix-762a410598a5d292cba46aaff3f07013
Open

[Snyk] Security upgrade svelte-preprocess from 4.10.7 to 5.0.2#64
ViorelMocanu wants to merge 1 commit intomainfrom
snyk-fix-762a410598a5d292cba46aaff3f07013

Conversation

@ViorelMocanu
Copy link
Owner

@ViorelMocanu ViorelMocanu commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: svelte-preprocess The new version differs by 40 commits.
  • fdb8a90 chore(release): 5.0.2
  • 731516d fix: remove deprecated package @ types/sass (#583)
  • adb87b9 fix: add support for TypeScript 5 (#585)
  • 1097b79 docs: update issue link
  • 7428ee6 chore(release): 5.0.1
  • 278de4f chore: update sorcery (#571)
  • fdbbbb9 docs: Update documentation about Sass options
  • 4218419 docs: fix changelog
  • 83ee372 chore(release): 5.0.0
  • 537b975 chore(release): 5.0.0-alpha.1
  • f0382b6 docs: fix changelog
  • 2c0bd45 fix: map .sss as .css to support sugarss extension
  • 3f2687b fix: 🐛 add sugarss v3 and v4 as supported
  • 8ca4890 chore(release): 5.0.0-alpha.0
  • 3d60856 fix: 🐛 remove support for custom default languages
  • 2806ada feat: 🎸 bump minimum node version to 14
  • c98b3e9 chore: rename coffeescript to coffee in test
  • 3f01e23 test: fix scss dependencies test
  • 07bc8aa fix: 🐛 remove support for 'type' attribute
  • 9f4c29f chore: remove unused method
  • 240a588 docs: tell, that we use legacy api (#453)
  • a88a45c chore: update linter and formatter
  • 06fd5b9 chore: use sass types for legacy render API. Support sync version only
  • 1cb01f0 chore: fix type after svelte upgrade

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ViorelMocanu @snyk-bot