[Snyk] Upgrade: , , browserify, cssnano, gulp-zip #1254
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@babel/preset-env
from 7.8.2 to 7.25.4 | 98 versions ahead of your current version | a month ago
on 2024-08-22
@babel/runtime
from 7.7.7 to 7.25.4 | 93 versions ahead of your current version | a month ago
on 2024-08-22
browserify
from 16.5.0 to 16.5.2 | 2 versions ahead of your current version | 4 years ago
on 2020-08-03
cssnano
from 4.1.10 to 4.1.11 | 1 version ahead of your current version | 3 years ago
on 2021-04-06
gulp-zip
from 5.0.1 to 5.1.0 | 2 versions ahead of your current version | 4 years ago
on 2021-03-10
Issues fixed by the recommended upgrade:
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-567746
SNYK-JS-LODASH-608086
SNYK-JS-LODASH-6139239
SNYK-JS-ACORN-559469
SNYK-JS-CACHEDPATHRELATIVE-2342653
SNYK-JS-ISSVG-1085627
SNYK-JS-ISSVG-1243891
SNYK-JS-LODASH-1018905
SNYK-JS-DOTPROP-543489
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-COLORSTRING-1082939
SNYK-JS-PATHPARSE-1077067
SNYK-JS-POSTCSS-1090595
SNYK-JS-POSTCSS-1255640
Release notes
Package name: @babel/preset-env
v7.25.4 (2024-08-22)
🐛 Bug Fix
babel-traverse
babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
babel-types
babel-generator
export namespace as A
(@ nicolo-ribaudo)💅 Polish
babel-generator
,babel-plugin-proposal-decorators
,babel-plugin-proposal-destructuring-private
,babel-plugin-proposal-pipeline-operator
,babel-plugin-transform-class-properties
,babel-plugin-transform-destructuring
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-private-methods
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-typescript
,babel-runtime-corejs2
,babel-runtime
,babel-traverse
babel-generator
,babel-plugin-transform-class-properties
babel-generator
,babel-plugin-proposal-decorators
,babel-plugin-proposal-destructuring-private
,babel-plugin-transform-object-rest-spread
🔬 Output optimization
babel-generator
Committers: 4
v7.25.3 (2024-07-31)
🐛 Bug Fix
babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-traverse
traverse.visitors.merge
(@ nicolo-ribaudo)🏠 Internal
babel-parser
@ babel/types
as a dependency of@ babel/parser
(@ nicolo-ribaudo)Committers: 2
v7.25.2 (2024-07-30)
🐛 Bug Fix
babel-core
,babel-traverse
requeueComputedKeyAndDecorators
is available (@ nicolo-ribaudo)Committers: 2
v7.25.0 (2024-07-26)
Thanks @ davidtaylorhq and @ slatereax for your first PR!
You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.
👓 Spec Compliance
babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
await using
normative updates (@ JLHwung)babel-plugin-transform-typescript
🚀 New Feature
babel-helper-create-class-features-plugin
,babel-helper-function-name
,babel-helper-plugin-utils
,babel-helper-wrap-function
,babel-plugin-bugfix-safari-class-field-initializer-scope
,babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression
,babel-plugin-transform-classes
,babel-plugin-transform-function-name
,babel-preset-env
,babel-traverse
,babel-types
ensureFunctionName
toNodePath.prototype
(@ nicolo-ribaudo)babel-helper-hoist-variables
,babel-helper-plugin-utils
,babel-plugin-proposal-async-do-expressions
,babel-plugin-transform-modules-systemjs
,babel-traverse
hoistVariables
toScope.prototype
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-module-transforms
,babel-helper-plugin-utils
,babel-helper-split-export-declaration
,babel-plugin-transform-classes
,babel-traverse
,babel-types
splitExportDeclaration
toNodePath.prototype
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-environment-visitor
,babel-helper-module-transforms
,babel-helper-plugin-utils
,babel-helper-remap-async-to-generator
,babel-helper-replace-supers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-bugfix-v8-static-class-fields-redefine-readonly
,babel-plugin-transform-async-generator-functions
,babel-plugin-transform-classes
,babel-traverse
environment-visitor
helper into@ babel/traverse
(@ nicolo-ribaudo)babel-core
,babel-parser
.extra.async
(@ nicolo-ribaudo)babel-compat-data
,babel-plugin-bugfix-safari-class-field-initializer-scope
,babel-preset-env
bugfix-safari-class-field-initializer-scope
(@ davidtaylorhq)babel-plugin-transform-block-scoping
,babel-traverse
,babel-types
NodePath#getAssignmentIdentifiers
(@ JLHwung)babel-helper-import-to-platform-api
,babel-plugin-proposal-json-modules
uncheckedRequire
option for JSON imports to CJS (@ nicolo-ribaudo)babel-helper-transform-fixture-test-runner
,babel-node
babel-node --eval
(@ slatereax)babel-compat-data
,babel-helper-create-regexp-features-plugin
,babel-plugin-proposal-duplicate-named-capturing-groups-regex
,babel-plugin-transform-duplicate-named-capturing-groups-regex
,babel-preset-env
,babel-standalone
duplicate-named-capturing-groups-regex
topreset-env
(@ JLHwung)🐛 Bug Fix
babel-generator
babel-template
,babel-types
🏠 Internal
babel-generator
(
before ambiguous tokens (@ nicolo-ribaudo)babel-helper-function-name
,babel-plugin-transform-arrow-functions
,babel-plugin-transform-function-name
,babel-preset-env
,babel-traverse
helper-function-name
logic (@ nicolo-ribaudo)🏃♀️ Performance
babel-parser
,babel-plugin-proposal-pipeline-operator
🔬 Output optimization
babel-plugin-transform-classes
assertThisInitialized
(@ liuxingbaoyu)babel-helper-create-class-features-plugin
,babel-helper-replace-supers
,babel-helpers
,babel-plugin-proposal-decorators
,babel-plugin-transform-class-properties
,babel-plugin-transform-classes
,babel-plugin-transform-exponentiation-operator
,babel-plugin-transform-object-super
,babel-plugin-transform-private-methods
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
super.x
output (@ liuxingbaoyu)babel-plugin-transform-class-properties
,babel-plugin-transform-classes
Committers: 6
Package name: @babel/runtime
v7.25.4 (2024-08-22)
🐛 Bug Fix
babel-traverse
babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
babel-types
babel-generator
export namespace as A
(@ nicolo-ribaudo)💅 Polish
babel-generator
,babel-plugin-proposal-decorators
,babel-plugin-proposal-destructuring-private
,babel-plugin-proposal-pipeline-operator
,babel-plugin-transform-class-properties
,babel-plugin-transform-destructuring
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-private-methods
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-typescript
,babel-runtime-corejs2
,babel-runtime
,babel-traverse
babel-generator
,babel-plugin-transform-class-properties
babel-generator
,babel-plugin-proposal-decorators
,babel-plugin-proposal-destructuring-private
,babel-plugin-transform-object-rest-spread
🔬 Output optimization
babel-generator
Committers: 4
v7.25.0 (2024-07-26)
Thanks @ davidtaylorhq and @ slatereax for your first PR!
You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.
👓 Spec Compliance
babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
await using
normative updates (@ JLHwung)babel-plugin-transform-typescript
🚀 New Feature
babel-helper-create-class-features-plugin
,babel-helper-function-name
,babel-helper-plugin-utils
,babel-helper-wrap-function
,babel-plugin-bugfix-safari-class-field-initializer-scope
,babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression
,babel-plugin-transform-classes
,babel-plugin-transform-function-name
,babel-preset-env
,babel-traverse
,babel-types
ensureFunctionName
toNodePath.prototype
(@ nicolo-ribaudo)babel-helper-hoist-variables
,babel-helper-plugin-utils
,babel-plugin-proposal-async-do-expressions
,babel-plugin-transform-modules-systemjs
,babel-traverse
hoistVariables
toScope.prototype
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-module-transforms
,babel-helper-plugin-utils
,babel-helper-split-export-declaration
,babel-plugin-transform-classes
,babel-traverse
,babel-types
splitExportDeclaration
toNodePath.prototype
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-environment-visitor
,babel-helper-module-transforms
,babel-helper-plugin-utils
,babel-helper-remap-async-to-generator
,babel-helper-replace-supers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-bugfix-v8-static-class-fields-redefine-readonly
,babel-plugin-transform-async-generator-functions
,babel-plugin-transform-classes
,babel-traverse
environment-visitor
helper into@ babel/traverse
(@ nicolo-ribaudo)babel-core
,babel-parser
.extra.async
(@ nicolo-ribaudo)babel-compat-data
,babel-plugin-bugfix-safari-class-field-initializer-scope
,babel-preset-env
bugfix-safari-class-field-initializer-scope
(@ davidtaylorhq)babel-plugin-transform-block-scoping
,babel-traverse
,babel-types
NodePath#getAssignmentIdentifiers
(@ JLHwung)babel-helper-import-to-platform-api
,babel-plugin-proposal-json-modules
uncheckedRequire
option for JSON imports to CJS (@ nicolo-ribaudo)babel-helper-transform-fixture-test-runner
,babel-node
babel-node --eval
(@ slatereax)babel-compat-data
,babel-helper-create-regexp-features-plugin
,babel-plugin-proposal-duplicate-named-capturing-groups-regex
,babel-plugin-transform-duplicate-named-capturing-groups-regex
,babel-preset-env
,babel-standalone
duplicate-named-capturing-groups-regex
topreset-env
(@ JLHwung)🐛 Bug Fix
babel-generator
babel-template
,babel-types
🏠 Internal
babel-generator
(
before ambiguous tokens (@ nicolo-ribaudo)babel-helper-function-name
,babel-plugin-transform-arrow-functions
,babel-plugin-transform-function-name
,babel-preset-env
,babel-traverse
helper-function-name
logic (@ nicolo-ribaudo)🏃♀️ Performance
babel-parser
,babel-plugin-proposal-pipeline-operator
🔬 Output optimization
babel-plugin-transform-classes
assertThisInitialized
(@ liuxingbaoyu)babel-helper-create-class-features-plugin
,babel-helper-replace-supers
,babel-helpers
,babel-plugin-proposal-decorators
,babel-plugin-transform-class-properties
,babel-plugin-transform-classes
,babel-plugin-transform-exponentiation-operator
,babel-plugin-transform-object-super
,babel-plugin-transform-private-methods
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
super.x
output (@ liuxingbaoyu)babel-plugin-transform-class-properties
,babel-plugin-transform-classes
Committers: 6
v7.24.8 (2024-07-11)
Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!
👓 Spec Compliance
babel-parser
declare
(@ liuxingbaoyu)🐛 Bug Fix
babel-generator
in
infor
heads (@ nicolo-ribaudo)await using
(@ nicolo-ribaudo)babel-parser
using
declarations (@ H0onnn).value: undefined
to regexp literals (@ liuxingbaoyu)babel-types
ObjectTypeInternalSlot
visitor keys (@ nicolo-ribaudo)babel-plugin-transform-typescript
export import x =
(@ liuxingbaoyu)💅 Polish
babel-generator
async
infor await
(@ nicolo-ribaudo)babel-traverse
Scope.globals
multiple times (@ liuxingbaoyu)Committers: 9
Package name: browserify
16.5.2
Remove deprecated
mkdirp
version in favour ofmkdirp-classic
.00c913f
Pin dependencies for Node.js 0.8 support.
#1939
Support custom name for
"browser"
field resolution inpackage.json
using thebrowserField
option.#1918
Package name: cssnano
Package name: gulp-zip
v5.0.2...v5.1.0
v5.0.1...v5.0.2
v5.0.0...v5.0.1
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"babel/preset-env","to":"babel/preset-env"},{"name":"","from":"babel/runtime","to":"babel/runtime"},{"name":"browserify","from":"16.5.0","to":"16.5.2"},{"name":"cssnano","from":"4.1.10","to":"4.1.11"},{"name":"gulp-zip","from":"5.0.1","to":"5.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-608086","issue_id":"SNYK-JS-LODASH-608086","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-6139239","issue_id":"SNYK-JS-LODASH-6139239","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ACORN-559469","issue_id":"SNYK-JS-ACORN-559469","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-CACHEDPATHRELATIVE-2342653","issue_id":"SNYK-JS-CACHEDPATHRELATIVE-2342653","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1085627","issue_id":"SNYK-JS-ISSVG-1085627","priority_score"...