chore(deps): update dependency simple-git to v3.16.0 [security] #84
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
207c145 to
e3a67fb
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
e3a67fb to
e4457be
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
e4457be to
a312cd3
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
a312cd3 to
ee5b09a
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
ee5b09a to
ef90fe6
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
ef90fe6 to
7cd754f
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
7cd754f to
1fb04f6
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
1fb04f6 to
21fffe4
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
21fffe4 to
e3bedf8
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
e3bedf8 to
e825068
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
e825068 to
24e1337
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
24e1337 to
fbe6c47
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
2 times, most recently
from
edaa557 to
8dad16e
Compare
renovate
bot
force-pushed
the
renovate/npm-simple-git-vulnerability
branch
from
8dad16e to
64a74f9
Compare
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.7.1->3.16.0GitHub Vulnerability Alerts
CVE-2022-25912
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the
exttransport protocol, which makes it exploitable viaclone()method. This vulnerability exists due to an incomplete fix of CVE-2022-24066.CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912.
Release Notes
steveukx/git-js (simple-git)
v3.16.0Compare Source
Minor Changes
97fde2c: Support the use of-Bin place of the default-bin checkout methods0a623e5: Adds vulnerability detection to prevent use of--upload-packand--receive-packwithout explicitly opting in.Patch Changes
ec97a39: Include restricting the use of git push --exec with other allowUnsafePack exclusions, thanks to @stsewd for the suggestion.v3.15.1Compare Source
Patch Changes
de570ac: Resolves an issue whereby non-strings can be passed into the config switch detector.v3.15.0Compare Source
Minor Changes
7746480: Disables the use of inline configuration arguments to prevent unitentionally allowing non-standard remote protocols without explicitly opting in to this practice with the newallowUnsafeProtocolOverrideproperty having been enabled.Patch Changes
7746480: - Upgrade repo dependencies - lerna and jestv3.14.1Compare Source
Patch Changes
5a2e7e4: Add version parsing support for non-numeric patches (including "built from source" style1.11.GIT)v3.14.0Compare Source
Minor Changes
19029fc: Create the abort plugin to allow cancelling all pending and future tasks.4259b26: Add.versionto return git version information, including whether the git binary is installed.v3.13.0Compare Source
Minor Changes
87b0d75: Increase the level of deprecation notices for use ofsimple-git/promise, which will be fully removed in the next majord0dceda: Allow supplying just one of to/from in the options supplied to git.logPatch Changes
6b3e05c: Use shared test utilities bundle in simple-git tests, to enable consistent testing across packages in the futurev3.12.0Compare Source
Minor Changes
bfd652b: Add a new configuration option to enable trimming white-space from the response togit.rawv3.11.0Compare Source
Minor Changes
80d54bd: Added fields updated + deleted branch info to fetch response, closes #823Patch Changes
75dfcb4: Add prettier configuration and apply formatting throughout.v3.10.0Compare Source
Minor Changes
2f021e7: Support for importing as an ES module with TypeScript moduleResolutionnode16or newer by addingsimpleGitas a named export.v3.9.0Compare Source
Minor Changes
a0d4eb8: Branches that have been checked out as a linked work tree will now be included in theBranchSummaryoutput, with alinkedWorkTreeproperty set totruein theBranchSummaryBranch.v3.8.0Compare Source
Minor Changes
25230cb: Support for additional log formats in diffSummary / log / stashList.Adds support for the
--numstat,--name-onlyand--name-statin addition to the existing--statoption.Patch Changes
2cfc16f: Update CI environments to run build and test in node v18, drop node v12 now out of life.13197f1: Updatedebugdependency to latest4.xConfiguration
📅 Schedule: Branch creation - "" in timezone Europe/Rome, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.