fix(deps): update dependency dustjs-linkedin to v3 [security] #100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
This update seems to work after manual testing, but it does break the peer requirement from dustjs-helper: See also issue LinkedInAttic/dustjs-helpers#148 |
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
144c800
to
5c0ad45
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
dea562b
to
635c158
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
3 times, most recently
from
9c4387c
to
a817663
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
4e0fd04
to
6e581e1
Compare
|
This cannot be merged because of:
Ref #35 (comment) |
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
6e581e1
to
7c98121
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
7c98121
to
60d502c
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
0c978fd
to
5cbacda
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
5cbacda
to
058b197
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
058b197
to
8f1738b
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
75bed57
to
348248a
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
5 times, most recently
from
5f055c9
to
43e171f
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
43e171f
to
4d0a116
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
4d0a116
to
1e20aa9
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
72895bb
to
d9be209
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
e717886
to
5c18f6e
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
f0ab2e6
to
1fe6d22
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
822c7b7
to
7397183
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
2275e90
to
abb2d8c
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
4 times, most recently
from
64f6ee8
to
9937ee2
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
9b23093
to
bacbc92
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
bacbc92
to
06b16d8
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
2 times, most recently
from
ee5651f
to
ae42991
Compare
renovate
bot
force-pushed
the
renovate/npm-dustjs-linkedin-vulnerability
branch
from
ae42991
to
a91b55f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.7.5->3.0.0GitHub Vulnerability Alerts
CVE-2021-4264
A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 can address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.
Release Notes
linkedin/dustjs (dustjs-linkedin)
v3.0.0Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.