Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

chore(deps): update dependency hosted-git-info to 2.8.9 [security] #282

Merged
merged 1 commit into from
May 11, 2021
Merged

chore(deps): update dependency hosted-git-info to 2.8.9 [security] #282

merged 1 commit into from
May 11, 2021

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 7, 2021

WhiteSource Renovate

This PR contains the following updates:

Package Change
hosted-git-info 2.8.8 -> 2.8.9

GitHub Vulnerability Alerts

CVE-2021-23362

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

Configuration

📅 Schedule: "" in timezone Asia/Tokyo.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the deps Pull requests that update a dependency file label May 7, 2021
@renovate renovate bot changed the title chore(deps): update dependency hosted-git-info to 2.8.9 [security] chore(deps): update dependency hosted-git-info to 2.8.9 [security] - autoclosed May 10, 2021
@renovate renovate bot closed this May 10, 2021
@renovate renovate bot deleted the renovate/npm-hosted-git-info-vulnerability branch May 10, 2021 04:21
@renovate renovate bot changed the title chore(deps): update dependency hosted-git-info to 2.8.9 [security] - autoclosed chore(deps): update dependency hosted-git-info to 2.8.9 [security] May 10, 2021
@renovate renovate bot reopened this May 10, 2021
@renovate renovate bot restored the renovate/npm-hosted-git-info-vulnerability branch May 10, 2021 07:50
@renovate renovate bot force-pushed the renovate/npm-hosted-git-info-vulnerability branch from 135dfb3 to 488210c Compare May 10, 2021 07:51
@ruedap ruedap merged commit 25d90a1 into main May 11, 2021
@ruedap ruedap deleted the renovate/npm-hosted-git-info-vulnerability branch May 11, 2021 11:43
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
deps Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ruedap @renovate-bot