chore(deps): update dependency mixme to 0.5.1 [security] #572

renovate · 2021-05-06T17:06:29Z

This PR contains the following updates:

Package	Change
mixme	`0.3.2` -> `0.5.1`

GitHub Vulnerability Alerts

CVE-2021-29491

Impact

In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Patches

The problem is corrected starting with version 0.5.1.

Workarounds

No

References

Issue: adaltas/node-mixme#1
Commit: adaltas/node-mixme@cfd5fbf

For more information

If you have any questions or comments about this advisory:

Open an issue in example link to repo
Email me

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

chore(deps): update dependency mixme to 0.5.1 [security]

142c3c9

renovate bot merged commit dbf07df into develop May 6, 2021

renovate bot deleted the renovate/npm-mixme-vulnerability branch May 6, 2021 17:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency mixme to 0.5.1 [security] #572

chore(deps): update dependency mixme to 0.5.1 [security] #572

renovate bot commented May 6, 2021

chore(deps): update dependency mixme to 0.5.1 [security] #572

chore(deps): update dependency mixme to 0.5.1 [security] #572

Conversation

renovate bot commented May 6, 2021

GitHub Vulnerability Alerts

CVE-2021-29491

Impact

Patches

Workarounds

References

For more information

Configuration