[Snyk] Fix for 1 vulnerabilities by snyk-bot · Pull Request #8 · feicc/hexo

snyk-bot · 2020-01-22T00:42:13Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change
	Information Disclosure SNYK-JS-KINDOF-537849	Yes

Commit messages

Package name: hexo-cli

The new version differs by 51 commits.

03dbca4 2.0.0
88d5d87 Bump bluebird from 3.5.4 to 3.5.5 (#70)
9d14688 Bump resolve from 1.10.1 to 1.11.0 (#68)
94ef1f5 Bump hexo-renderer-marked from 0.3.2 to 1.0.1 (#67)
6dc001f Refactor(es2015) (#65)
cac3c9e Merge pull request #63 from hexojs/dependabot/npm_and_yarn/resolve-1.10.1
1a9bda3 refactor(ES2015): var to let/const (#62)
fdb1fa9 Bump resolve from 1.10.0 to 1.10.1
fc34d1e Merge pull request #60 from hexojs/dependabot/npm_and_yarn/sinon-7.3.2
e50e258 Bump mocha from 6.1.2 to 6.1.4 (#61)
7554aee Bump sinon from 7.2.7 to 7.3.2
770f005 Merge pull request #58 from hexojs/dependabot/npm_and_yarn/mocha-6.1.2
cd3289c Bump mocha from 6.0.2 to 6.1.2
8aa4bed Bump bluebird from 3.5.3 to 3.5.4 (#56)
5c128de Merge pull request #55 from hexojs/dependabot/npm_and_yarn/eslint-5.16.0
e99b343 Bump eslint from 5.15.3 to 5.16.0
8611416 Bump eslint from 5.15.2 to 5.15.3 (#52)
2a65419 Bump eslint from 5.15.1 to 5.15.2 (#51)
b526c61 update all packages to latest and include package-lock.json (#50)
aa05580 Update mocha requirement from ^5.2.0 to ^6.0.0 (#47)
1b45acb remove useless file from npm module (#46)
30d05ed Fixed the invalid type error while running init with a numeric folder name. (#45)
bf6a072 Merge pull request #42 from hexojs/dependabot/npm_and_yarn/proxyquire-tw-2.1.0
5f1bb3c Merge pull request #44 from hexojs/dependabot/npm_and_yarn/chalk-tw-2.4.1

See the full diff

Package name: hexo-fs

The new version differs by 24 commits.

0383500 1.0.0
2c5e9d4 Merge pull request [Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.4 #20 from segayuu/refactoring-es2016nify
62c3dd7 Merge pull request [Snyk] Security upgrade hexo-cli from 1.1.0 to 4.3.1 #21 from segayuu/fix-test-stream-event
234b049 fix test: Wait for resources to be properly released
4fd9de7 Refactering es2016nify
5df45c4 Auto es2016nify from lebab
3d0f4f7 Merge pull request [Snyk] Fix for 10 vulnerabilities #19 from segayuu/tester-use-iferr
fbeeeed fix test
28c5c7f Merge branch 'tester-use-iferr' of https://github.com/segayuu/hexo-fs into tester-use-iferr
59e5276 merge master
bf4d648 Merge pull request [Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.1 #16 from segayuu/small-callback-scope
42c4e5f Merge branch 'master' into tester-use-iferr
57969de Merge pull request [Snyk] Security upgrade moment from 2.13.0 to 2.29.2 #17 from tomap/master
97fd14f fix exists callback error handling
6f1575a fix stream error handling
a537172 Use of tiferr for error handling using callback
4056891 install iferr
9d177be Merge pull request [Snyk] Fix for 1 vulnerabilities #18 from segayuu/upgrade-chai
51947b9 upgrade chai
0e79d48 Update to latest to avoid security audit alerts
bebf47e try-catch to should.to.throw()
53c9b1f transform es2015nify from lebab
fb9912c small callback scope
f8a7bea upgrade mocha ([Snyk] Security upgrade chalk from 1.1.3 to 2.0.0 #15)

See the full diff

Package name: nunjucks

The new version differs by 250 commits.

9a0ce36 3.13 release - fix typo in CHANGELOG
c2de0e4 Release 3.1.3
4d8a4cc Update chokidar optionalDependency. Fixes #1103
d140280 Update CONTRIBUTING.md to reflect supported node releases [ci skip]
af6427d Update CHANGELOG
1b76fb8 Update package.json engines to reflect supported node versions
8afacce Add unit tests for {% if x is [not] defined %}. refs #1110
248cf56 Fix "Invalid type: Is" error when using {% if x is defined %}
2eaea16 Drop node v4 support, add node v9
8041120 Include file/lineno in TemplateError message. fixes #1087, #1095
1b4558d Merge pull request #1090 from TheDancingCode/forceescape
f478b06 Add "forceescape" filter
de49d33 Merge pull request #1089 from gingerrific/master
3ab849c Update remaining src links
dedb978 Update API.md links to use correct paths
323dabe Fix postinstall-build packaging issue, v3.1.2
9f1b7da Prepare for next release
6f3e4a3 v3.1.1
eed7b2d Fix bug that broke template caching. fixes #1074
db8e3c3 Fix error when running npm install nunjucks --no-bin-links
2c97201 try/catch require of chokidar to make it truly optional
a65d3b8 bower forbids minified js in the main property
2c98065 Add nunjucks folder to bower.json ignore
470181d Prepare for next release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-KINDOF-537849

fix: package.json to reduce vulnerabilities

7f86662

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-KINDOF-537849

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities#8

[Snyk] Fix for 1 vulnerabilities#8
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-8e3a177c582ab8e11babb8839fa837ec

snyk-bot commented Jan 22, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

snyk-bot commented Jan 22, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant