[Snyk] Upgrade grunt from 1.1.0 to 1.3.0

[snyk-bot]

Snyk has created this PR to upgrade grunt from 1.1.0 to 1.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 23 days ago, on 2020-08-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-608086	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-GRUNT-597546	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: grunt

• 1.3.0 - 2020-08-18
  
  • Merge pull request #1720 from gruntjs/update-changelog-deps faab6be
  • Update Changelog and legacy-util dependency 520fedb
  • Merge pull request #1719 from gruntjs/yaml-refactor 7e669ac
  • Switch to use safeLoad for loading YML files via file.readYAML. e350cea
  • Merge pull request #1718 from gruntjs/legacy-log-bumo 7125f49
  • Bump legacy-log 00d5907

  v1.2.1...v1.3.0

• 1.2.1 - 2020-07-07
  
  • Changelog update ae11839
  • Merge pull request #1715 from sibiraj-s/remove-path-is-absolute 9d23cb6
  • Remove path-is-absolute dependency e789b1f

  v1.2.0...v1.2.1

• 1.2.0 - 2020-07-03
  
  • Allow usage of grunt plugins that are located in any location that
    is visible to Node.js and NPM, instead of node_modules directly
    inside package that have a dev dependency to these plugins.
    (PR: #1677)
  • Removed coffeescript from dependencies. To ease transition, if
    coffeescript is still around, Grunt will attempt to load it.
    If it is not, and the user loads a CoffeeScript file,
    Grunt will print a useful error indicating that the
    coffeescript package should be installed as a dev dependency.
    This is considerably more user-friendly than dropping the require entirely,
    but doing so is feasible with the latest grunt-cli as users
    may simply use grunt --require coffeescript/register.
    (PR: #1675)
  • Exposes Grunt Option keys for ease of use.
    (PR: #1570)
  • Avoiding infinite loop on very long command names.
    (PR: #1697)
• 1.1.0 - 2020-03-17
  
  • Update to mkdirp ~1.0.3
  • Only support versions of Node >= 8

from grunt GitHub release notes

Commit messages

Package name: grunt

• 6f49017 1.3.0
• faab6be Merge pull request JSON error in logs when accessing stats page for a package with no downloads. NuGet/NuGetGallery#1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request Improved Readme file NuGet/NuGetGallery#1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request Contact owners now has a "CC Me" checkbox NuGet/NuGetGallery#1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log
• 3b75085 1.2.1
• ae11839 Changelog update
• 9d23cb6 Merge pull request Iteration Checklist 11/15 NuGet/NuGetGallery#1715 from sibiraj-s/remove-path-is-absolute
• e789b1f Remove path-is-absolute dependency
• 27bc5d9 Merge pull request Added scripts to help manage branches NuGet/NuGetGallery#1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request Update the Verify Package page to have all the contents of the package NuGet/NuGetGallery#1570 from bhldev/feature-options-keys
• ee70306 Merge pull request In theory this will fix #1585... font awesome in IE7 - now how to test it? NuGet/NuGetGallery#1697 from philz/1696
• 05c0634 Merge pull request Some minor fixes to make the build work more universally NuGet/NuGetGallery#1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request Unhandled javascript errors on every Statistics page in both IE7 and 8 (in d3.v3.min.js)  NuGet/NuGetGallery#1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request Remove Friendly License Names feature switch NuGet/NuGetGallery#1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request Navigating to "Edit Package" page is REALLY slow and sometimes times out NuGet/NuGetGallery#1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request Unable to build last commit in master NuGet/NuGetGallery#1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs