fix(deps): update dependency dustjs-linkedin to v3 [security] #100
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Owner
|
This update seems to work after manual testing, but it does break the peer requirement from dustjs-helper: See also issue LinkedInAttic/dustjs-helpers#148 |
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
144c800 to
5c0ad45
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
dea562b to
635c158
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
9c4387c to
a817663
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
4e0fd04 to
6e581e1
Compare
Owner
|
This cannot be merged because of:
Ref #35 (comment) |
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
6e581e1 to
7c98121
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
7c98121 to
60d502c
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
0c978fd to
5cbacda
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
5cbacda to
058b197
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
058b197 to
8f1738b
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
79e5822 to
d4ef613
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
d4ef613 to
8488f2a
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
906e1db to
a092a86
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
a092a86 to
f6e3a21
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
a047507 to
46e4160
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
46e4160 to
b202386
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
b202386 to
1aaf773
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
a005494 to
da226d6
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
5c69a77 to
7be30a2
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
0368a68 to
ee780f7
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
cc9a18b to
3cfef65
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
3cfef65 to
65e4a08
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
65e4a08 to
bf354cc
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
9c3d087 to
cabf624
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
a737e0c to
0c1344a
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
0c1344a to
d061ee7
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
d061ee7 to
c987be3
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
c987be3 to
3625039
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.7.5->3.0.0GitHub Vulnerability Alerts
CVE-2021-4264
A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 can address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.
Release Notes
linkedin/dustjs (dustjs-linkedin)
v3.0.0Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.