Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade stylelint from 13.13.1 to 16.1.0 #1005

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

tmcgee
Copy link
Member

@tmcgee tmcgee commented Dec 26, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: stylelint The new version differs by 250 commits.
  • 5882290 16.1.0
  • 6c4b64d Prepare 16.1.0 (#7415)
  • 566c422 Bump file-entry-cache from 7.0.2 to 8.0.0 (#7427)
  • 42bf8f8 Bump meow from 12.1.1 to 13.0.0 (#7426)
  • cb509a0 Fix `function-url-quotes` false positives for SCSS variable and `@` character (#7416)
  • e222352 Document benefits from TypeScript annotation (#7423)
  • 760a6f1 Fix `selector-pseudo-class-no-unknown` false positive for `:popover-open` (#7425)
  • 8ec6748 Add `ignore: ["keyframe-selectors"]` to `selector-disallowed-list` (#7417)
  • 548b221 Add missing changelog for PR #7366
  • 19ab06a Sort rules alphabetically in `docs/user-guide/rules.md` (#7422)
  • 0e8b1fd Bump rollup from 4.8.0 to 4.9.1 (#7414)
  • 0455938 Bump the csstools-parser group with 2 updates (#7411)
  • e03a0f9 Update stylelint-stylistic plugin link (#7419)
  • b92260f Bump @ csstools/selector-specificity from 3.0.0 to 3.0.1 (#7413)
  • 368e40f Bump the eslint group with 2 updates (#7412)
  • ef766cd Bump github/codeql-action from 2 to 3 (#7410)
  • b34a184 Document testing options in more detail in the v16 migration guide (#7407)
  • 7620c2c Fix `declaration-property-value-no-unknown` and other false positives for multiline SCSS interpolation (#7406)
  • d03def6 Add lightness-notation (#7366)
  • da7ce21 16.0.2
  • 303b3c9 Prepare 16.0.2 (#7386)
  • fbc6adf Bump rollup from 4.6.1 to 4.8.0 (#7394)
  • d4b12aa Bump np from 8.0.4 to 9.2.0 (#7391)
  • 0ec3df4 Bump the typescript group with 1 update (#7390)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants