New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade clean-css from 4.1.9 to 4.2.4 #5

Open

tcotidiane33 wants to merge 1 commit into master from snyk-upgrade-963af06109baf41d94a4b1d1035f3779

Owner

tcotidiane33 commented Mar 29, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade clean-css from 4.1.9 to 4.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 2 years ago, on 2021-10-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Uninitialized Memory Exposure npm:stringstream:20180511	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Mature
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: clean-css

4.2.4 - 2021-10-21
Version 4.2.4.
4.2.3 - 2020-01-28
4.2.2 - 2020-01-25
4.2.1 - 2018-08-07
4.2.0 - 2018-08-02
4.1.11 - 2018-03-06
4.1.10 - 2018-03-05
4.1.9 - 2017-09-19

from clean-css GitHub release notes

Commit messages

Package name: clean-css

bf0c501 Version 4.2.4.
d76fb36 Backports correct decimal point regex from 5.x branch.
5f8fdfd Backports prototype pollution fix from 5.x branch.
a369559 Fixes failing protocol import tests.
d0ad142 Version 4.2.3.
f47397c Fixes #1106 - regression in handling RGBA and HSLA colors.
a75f942 Bumps web interface to version 4.2.2.
58d80f8 Version 4.2.2.
e79454c Adds missing changelog entries.
e1410e4 fix(colors): convert rgba/hsla to rgb/hsl if opacity is >= 1 (#1083)
9b1ed5b Prevent unquoting on grid elements (#1085)
31379cd Fix local fonts with colors in name (#1077)
da25f4f Prevent error if property block has no value (level 0) (#1061)
b01dd75 Bumps web interface to version 4.2.1.
87a8722 Version 4.2.1.
b7da0d1 Fixes giving `breakWith` option via a string.
e14931a Bumps web interface to version 4.2.0.
9dd091f Version 4.2.0.
59bf990 Fixes #964 - allows for configurable line breaks.
48808f7 Fixes #1000 - carriage return handling in tokenizer.
ec259be Fixes #986 - CSS 4 colors in level 2 optimizations.
8f52600 Fixes #1036 - double `deepClone` declaration.
5603448 Updates changelog - see #1037.
88c558a Fix incorrect stripping of quotes in font-variation-settings (#1039)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade clean-css from 4.1.9 to 4.2.4

9d19ead

Snyk has created this PR to upgrade clean-css from 4.1.9 to 4.2.4.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/tcotidiane33/project/0ccd99bd-950b-418c-ae9d-caab4afdfb9b?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet