CVE-2022-25758 Fix #50

Open
wants to merge 87 commits into base: master
Commits
87 commits
83ba42e
Bump ini from 1.3.5 to 1.3.8
dependabot[bot] Aug 2, 2022
e4e1d59
Bump handlebars from 4.0.12 to 4.7.7
dependabot[bot] Aug 2, 2022
6c9ca41
Bump y18n from 3.2.1 to 3.2.2
dependabot[bot] Aug 2, 2022
b310e0e
Bump lodash from 4.17.5 to 4.17.21
dependabot[bot] Aug 2, 2022
fcb5fe4
Create dependabot.yml
Gyarbij Aug 2, 2022
9d0d586
Bump tmpl from 1.0.4 to 1.0.5
dependabot[bot] Aug 2, 2022
e5488c8
Merge pull request #8 from konzepts/Gyarbij-dependabot
Gyarbij Aug 2, 2022
133d137
Update README.md
Gyarbij Aug 2, 2022
0dfd455
Merge pull request #1 from konzepts/dependabot/npm_and_yarn/ini-1.3.8
Gyarbij Aug 2, 2022
407badb
Merge pull request #2 from konzepts/dependabot/npm_and_yarn/handlebar…
Gyarbij Aug 2, 2022
1c3c1fa
Merge pull request #3 from konzepts/dependabot/npm_and_yarn/y18n-3.2.2
Gyarbij Aug 2, 2022
bf9ddf3
Merge pull request #4 from konzepts/dependabot/npm_and_yarn/lodash-4.…
Gyarbij Aug 2, 2022
a69f73f
Bump json-schema from 0.2.3 to 0.4.0
dependabot[bot] Aug 2, 2022
f1e0b02
Merge pull request #5 from konzepts/dependabot/npm_and_yarn/tmpl-1.0.5
Gyarbij Aug 2, 2022
bfc358f
Merge pull request #10 from konzepts/dependabot/npm_and_yarn/json-sch…
Gyarbij Aug 2, 2022
319b7e4
Bump async from 2.6.1 to 2.6.4
dependabot[bot] Aug 2, 2022
c0936f7
Bump ws from 5.2.2 to 5.2.3
dependabot[bot] Aug 2, 2022
3cc9b85
Bump set-value from 0.4.3 to 2.0.1
dependabot[bot] Aug 2, 2022
171c0c6
Merge pull request #6 from konzepts/dependabot/npm_and_yarn/ws-5.2.3
Gyarbij Aug 2, 2022
cdcc459
Merge pull request #7 from konzepts/dependabot/npm_and_yarn/async-2.6.4
Gyarbij Aug 2, 2022
903d943
Bump path-parse from 1.0.6 to 1.0.7
dependabot[bot] Aug 2, 2022
7a91575
Bump minimist from 0.0.8 to 1.2.6
dependabot[bot] Aug 2, 2022
a3d1b5e
Merge pull request #11 from konzepts/dependabot/npm_and_yarn/minimist…
Gyarbij Aug 2, 2022
5ddf179
Bump tar from 4.4.1 to 4.4.19
dependabot[bot] Aug 2, 2022
8a5d59f
Merge pull request #14 from konzepts/dependabot/npm_and_yarn/path-par…
Gyarbij Aug 2, 2022
1d594c4
Merge pull request #13 from konzepts/dependabot/npm_and_yarn/set-valu…
Gyarbij Aug 2, 2022
fd366d9
Merge pull request #12 from konzepts/dependabot/npm_and_yarn/tar-4.4.19
Gyarbij Aug 2, 2022
f7a3454
Bump hosted-git-info from 2.6.0 to 2.8.9
dependabot[bot] Aug 2, 2022
b2ae0a4
Bump ajv from 6.6.1 to 6.12.6
dependabot[bot] Aug 2, 2022
1ad925c
Merge pull request #17 from konzepts/dependabot/npm_and_yarn/ajv-6.12.6
Gyarbij Aug 2, 2022
77d21c9
Merge pull request #16 from konzepts/dependabot/npm_and_yarn/hosted-g…
Gyarbij Aug 2, 2022
e6bd86c
Create codeql-analysis.yml
Gyarbij Aug 2, 2022
f601716
Bump mixin-deep from 1.3.1 to 1.3.2
dependabot[bot] Aug 2, 2022
02aeeb8
Merge pull request #18 from konzepts/dependabot/npm_and_yarn/mixin-de…
Gyarbij Aug 2, 2022
e480add
Bump chownr from 1.0.1 to 1.1.4
dependabot[bot] Aug 2, 2022
f01b720
Bump babel-jest from 23.6.0 to 28.1.3
dependabot[bot] Aug 8, 2022
26e2665
Bump source-map from 0.7.3 to 0.7.4
dependabot[bot] Aug 8, 2022
ab50474
Bump sass-spec from 3.5.1 to 3.5.4
dependabot[bot] Aug 8, 2022
b8ea643
Merge pull request #22 from konzepts/dependabot/npm_and_yarn/sass-spe…
Gyarbij Aug 9, 2022
7039af1
Merge pull request #21 from konzepts/dependabot/npm_and_yarn/source-m…
Gyarbij Aug 9, 2022
9db1997
Bump js-base64 from 2.4.9 to 3.7.2
dependabot[bot] Aug 9, 2022
8eb1b30
Merge pull request #20 from konzepts/dependabot/npm_and_yarn/babel-je…
Gyarbij Aug 9, 2022
8117c49
Merge pull request #15 from konzepts/dependabot/npm_and_yarn/chownr-1…
Gyarbij Aug 9, 2022
75cd570
Bump js-yaml from 3.12.0 to 3.14.1
dependabot[bot] Aug 9, 2022
98f6800
Merge pull request #24 from konzepts/dependabot/npm_and_yarn/js-yaml-…
Gyarbij Aug 9, 2022
3810794
Merge pull request #23 from konzepts/dependabot/npm_and_yarn/js-base6…
Gyarbij Aug 9, 2022
6959370
Bump mem from 1.1.0 to 4.3.0
dependabot[bot] Aug 9, 2022
7bb1202
Merge pull request #25 from konzepts/dependabot/npm_and_yarn/mem-4.3.0
Gyarbij Aug 9, 2022
fdeca07
Bump glob from 7.1.3 to 8.0.3
dependabot[bot] Aug 15, 2022
a5d7f13
Merge pull request #26 from konzepts/dependabot/npm_and_yarn/glob-8.0.3
Gyarbij Aug 20, 2022
c2c72d8
Bump jest from 23.6.0 to 28.1.3
dependabot[bot] Aug 20, 2022
8554458
Merge pull request #19 from konzepts/dependabot/npm_and_yarn/jest-28.1.3
Gyarbij Aug 25, 2022
2951aa9
Bump babel-jest from 28.1.3 to 29.0.2
dependabot[bot] Sep 5, 2022
e5c60a3
Merge pull request #30 from konzepts/dependabot/npm_and_yarn/babel-je…
Gyarbij Sep 7, 2022
57c2e04
Bump jest from 28.1.3 to 29.0.3
dependabot[bot] Sep 12, 2022
3b4d436
Bump babel-jest from 29.0.2 to 29.0.3
dependabot[bot] Sep 12, 2022
01232a1
Merge pull request #32 from konzepts/dependabot/npm_and_yarn/babel-je…
Gyarbij Sep 14, 2022
83f1a26
Merge pull request #31 from konzepts/dependabot/npm_and_yarn/jest-29.0.3
Gyarbij Sep 14, 2022
4369127
Bump minimatch from 3.0.4 to 3.1.2
dependabot[bot] Nov 13, 2022
c3747f3
Bump babel-jest from 29.0.3 to 29.3.1
dependabot[bot] Nov 14, 2022
dfd2fd4
Bump jest from 29.0.3 to 29.3.1
dependabot[bot] Nov 14, 2022
7747f45
Merge pull request #43 from konzepts/dependabot/npm_and_yarn/jest-29.3.1
Gyarbij Nov 14, 2022
979dadc
Merge pull request #42 from konzepts/dependabot/npm_and_yarn/babel-je…
Gyarbij Nov 14, 2022
ff06eca
Merge pull request #41 from konzepts/dependabot/npm_and_yarn/minimatc…
Gyarbij Nov 14, 2022
e9c0912
Merge branch 'sasstools:master' into main
Gyarbij Nov 14, 2022
ea5a9c1
Bump js-base64 from 3.7.2 to 3.7.3
dependabot[bot] Nov 21, 2022
b996394
Merge pull request #44 from konzepts/dependabot/npm_and_yarn/js-base6…
Gyarbij Nov 24, 2022
4291e53
Bump decode-uri-component from 0.2.0 to 0.2.2
dependabot[bot] Dec 9, 2022
121abed
Merge pull request #45 from konzepts/dependabot/npm_and_yarn/decode-u…
Gyarbij Apr 5, 2023
9e1e4a6
Bump jest from 29.3.1 to 29.5.0
dependabot[bot] Apr 10, 2023
7d3594c
Bump glob from 8.0.3 to 10.1.0
dependabot[bot] Apr 17, 2023
d81f998
Merge pull request #59 from konzepts/dependabot/npm_and_yarn/glob-10.1.0
Gyarbij Apr 21, 2023
61cc573
Merge pull request #57 from konzepts/dependabot/npm_and_yarn/jest-29.5.0
Gyarbij Apr 21, 2023
a32da4c
Bump glob from 10.1.0 to 10.2.6
dependabot[bot] May 22, 2023
ee54c32
Merge pull request #62 from konzepts/dependabot/npm_and_yarn/glob-10.2.6
Gyarbij Jun 5, 2023
7901df7
Bump glob from 10.2.6 to 10.3.1
dependabot[bot] Jul 3, 2023
bcdbd90
Merge pull request #65 from konzepts/dependabot/npm_and_yarn/glob-10.3.1
Gyarbij Jul 3, 2023
348d11a
Bump jest from 29.5.0 to 29.6.1
dependabot[bot] Jul 10, 2023
d8c4bf3
Bump babel-jest from 29.3.1 to 29.6.1
dependabot[bot] Jul 10, 2023
94e1f34
Bump glob from 10.3.1 to 10.3.3
dependabot[bot] Jul 10, 2023
48108d9
Merge pull request #66 from konzepts/dependabot/npm_and_yarn/jest-29.6.1
Gyarbij Jul 12, 2023
adc8cdf
Merge pull request #67 from konzepts/dependabot/npm_and_yarn/babel-je…
Gyarbij Jul 12, 2023
bfa5c9f
Merge pull request #68 from konzepts/dependabot/npm_and_yarn/glob-10.3.3
Gyarbij Jul 12, 2023
bcf4665
Bump fsevents from 1.2.4 to 1.2.13
dependabot[bot] Oct 10, 2023
e6b2e66
Bump @babel/traverse from 7.18.11 to 7.23.2
dependabot[bot] Oct 18, 2023
cc0fc59
Merge pull request #79 from konzepts/dependabot/npm_and_yarn/babel/tr…
Gyarbij Oct 23, 2023
cf6254b
Merge pull request #78 from konzepts/dependabot/npm_and_yarn/fsevents…
Gyarbij Oct 23, 2023
11 changes: 11 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
- package-ecosystem: "npm" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"
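Review bot: the `updates` list covers only the `npm` ecosystem, while the workflow added in this same PR pins `actions/checkout@v3` and `github/codeql-action/*@v2`; a second entry with `package-ecosystem: "github-actions"` and `directory: "/"` would let Dependabot keep those action versions current as well. The leftover template comment `# See documentation for possible values` on the `package-ecosystem` line can be dropped now that the value is chosen.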
72 changes: 72 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 +1,72 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '23 2 * * 1'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality


# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
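Review bot: the `push` and `pull_request` triggers are restricted to `branches: [ "main" ]`, but this PR targets `base: master` (and the fork's history merges `sasstools:master` into `main`), so once merged the scan would never run on the upstream default branch or on pull requests against it; list the branch the repository actually uses, or both, for example `branches: [ "master", "main" ]`. The `Autobuild` step does nothing for a `javascript`-only matrix (the template comment itself limits it to C/C++, C#, and Java), so it and the commented-out build template beneath it can be removed without changing coverage. The actions are referenced by mutable tags (`@v3`, `@v2`); pinning them to a commit SHA would give the workflow a reproducible supply chain, and with a `github-actions` Dependabot entry those pins would still be kept current. The `permissions` block granting only `actions: read`, `contents: read` and `security-events: write` is the right least-privilege shape for this job.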
6 changes: 4 additions & 2 deletions README.md
@@ -1,10 +1,12 @@
A fork to fix critical issues with this package.

# scss-tokenizer
A tokenizer for Sass' SCSS syntax

![https://travis-ci.org/sasstools/scss-tokenizer.svg?branch=master](https://img.shields.io/travis/sasstools/scss-tokenizer.svg)
![https://www.npmjs.com/package/scss-tokenizer](https://img.shields.io/npm/v/scss-tokenizer.svg)
![https://github.com/sasstools/scss-tokenizer/issues](https://img.shields.io/github/issues/sasstools/scss-tokenizer.svg)
![](https://img.shields.io/github/license/sasstools/scss-tokenizer.svg)
![https://github.com/konzepts/scss-tokenizer/issues](https://img.shields.io/github/issues/sasstools/scss-tokenizer.svg)
![](https://img.shields.io/github/license/konzepts/scss-tokenizer.svg)

# Install
