Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gulp-uglify from 0.3.2 to 1.3.0 #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade gulp-uglify from 0.3.2 to 1.3.0 #15

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 629/1000
Why? Has a fix available, CVSS 8.3		 Improper minification of non-boolean comparisons
npm:uglify-js:20150824		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-uglify The new version differs by 37 commits.
  • b1f79ba 1.3.0
  • 18f3c0a chore(travis): use container-base infrastructure
  • 75f7a3b chore(dependency): upgrade through2
  • 4f5607f Bump UglifyJS Dependency
  • 888bd34 Merge pull request #118 from ciceropablo/master
  • b7ae46c Fix typo
  • ee17987 Merge pull request #100 from jordansexton/patch-1
  • 1ca3bfb Typo fix: uglfiy -> uglify
  • 4ead3aa Version 1.2.0
  • 491c00f chore(travis): drop iojs specific versions
  • 8f717fa chore(dependencies): Update dependencies, including uglify-js
  • 4fa24c3 documentation: Add documentation for handling errors to README.
  • 36ffb74 feature: Allow UglifyJS instance to be injected [fixes #77]
  • fae2d18 Merge pull request #86 from terinjokes/iojs-travis
  • 04c5a2b Add 0.12 and 1.3 and 1.4 to Travis CI
  • ca01adc Fix #81
  • 2424138 1.1.0
  • a225a6e Update CHANGELOG
  • be624d5 Merge pull request #75 from tschaub/patch-1
  • a5f0fa1 Merge pull request #74 from floridoo/sourcemap_fix
  • b036abc Use [email protected]
  • 8b9fc8c Fix sources path in source maps (fixes #56)
  • b3eae16 1.0.2
  • 4cd6ae0 No longer catch errors from the transform callback.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper minification of non-boolean comparisons

@snyk-bot
fix: package.json to reduce vulnerabilities
a1733e6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:uglify-js:20150824
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot