Update vulnerable dependencies [SECURITY] #1729

Merged 1 commit on Dec 9, 2024

pulumi-renovate[bot]
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| Newtonsoft.Json (source) | nuget | major | 10.0.3 -> 13.0.1 |
| jsonwebtoken | dependencies | major | 8.5.1 -> 9.0.0 |
| next (source) | dependencies | patch | 14.2.7 -> 14.2.10 |
| redis | dependencies | major | ^2.8.0 -> ^3.1.1 |
| redis | dependencies | major | 2.8.0 -> 3.1.1 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Improper Handling of Exceptional Conditions in Newtonsoft.Json

CVE-2024-21907 / GHSA-5crp-9r3c-p9vr

Details

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).

The serialization and deserialization path have different properties regarding the issue.

Deserializing methods (like JsonConvert.DeserializeObject) will process the input that results in burning the CPU, allocating memory, and consuming a thread of execution. Quite high nesting level (>10kk, or 9.5MB of {a:{a:{... input) is needed to achieve the latency over 10 seconds, depending on the hardware.

Serializing methods (like JsonConvert.Serialize or JObject.ToString) will throw StackOverFlow exception with the nesting level of around 20k.

To mitigate the issue one either needs to update Newtonsoft.Json to 13.0.1 or set the MaxDepth parameter in the JsonSerializerSettings. This can be done globally with the following statement. After that the parsing of the nested input will fail fast with Newtonsoft.Json.JsonReaderException:

JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = 128 };

Repro code:

using System.Linq;
using Newtonsoft.Json;

// Create a string representation of a highly nested object (JSON serialized)
int nRep = 25000;
string json = string.Concat(Enumerable.Repeat("{a:", nRep)) + "1" +
 string.Concat(Enumerable.Repeat("}", nRep));

// Parse this object (leads to high CPU/RAM consumption)
var parsedJson = JsonConvert.DeserializeObject(json);

// Methods below all throw stack overflow with nRep around 20k and higher
// string a = parsedJson.ToString();
// string b = JsonConvert.SerializeObject(parsedJson);

Additional affected product and version information

The original statement about the problem only affecting IIS applications is misleading. Any application is affected, however the IIS has a behavior that stops restarting the instance after some time resulting in a harder-to-fix DoS.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

CVE-2022-23540 / GHSA-qwph-4952-7xr6

Details

Overview

In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.

Am I affected?

You will be affected if all the following are true in the jwt.verify() function:

  • a token with no signature is received
  • no algorithms are specified
  • a falsy (e.g. null, false, undefined) secret or key is passed

How do I fix it?

Update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method.

Will the fix impact my users?

There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.

Severity

  • CVSS Score: 6.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

CVE-2022-23541 / GHSA-hjrf-2m68-5959

Details

Overview

Versions <=8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the secretOrPublicKey argument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.

Am I affected?

You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function.

How do I fix it?

Update to version 9.0.0.

Will the fix impact my users?

There is no impact for end users.

Severity

  • CVSS Score: 5.0 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


jsonwebtoken unrestricted key type could lead to legacy keys usage

CVE-2022-23539 / GHSA-8cf7-32gw-wr33

Details

Overview

Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.

Am I affected?

You are affected if you are using an algorithm and a key type other than the combinations mentioned below:

| Key type | algorithm |
| --- | --- |
| ec | ES256, ES384, ES512 |
| rsa | RS256, RS384, RS512, PS256, PS384, PS512 |
| rsa-pss | PS256, PS384, PS512 |

And for Elliptic Curve algorithms:

| alg | Curve |
| --- | --- |
| ES256 | prime256v1 |
| ES384 | secp384r1 |
| ES512 | secp521r1 |

How do I fix it?

Update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

Will the fix impact my users?

There will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, set the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.

Severity

  • CVSS Score: 8.1 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Next.js Cache Poisoning

CVE-2024-46982 / GHSA-gp8f-8m3g-qvj9

Details

Impact

By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a Cache-Control: s-maxage=1, stale-while-revalidate header which some upstream CDNs may cache as well.

To be potentially affected all of the following must apply:

  • Next.js between 13.5.1 and 14.2.9
  • Using pages router
  • Using non-dynamic server-side rendered routes e.g. pages/dashboard.tsx not pages/blog/[slug].tsx

The below configurations are unaffected:

  • Deployments using only app router
  • Deployments on Vercel are not affected

Patches

This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not.

Workarounds

There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.

Credits
  • Allam Rachid (zhero_)
  • Henry Chen

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Node-Redis potential exponential regex in monitor mode

CVE-2021-29469 / GHSA-35q2-47q7-3pc3

Details

Impact

When a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service.

Patches

The problem was fixed in commit 2d11b6d and was released in version 3.1.1.

References

#​1569 (GHSL-2021-026)

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

JamesNK/Newtonsoft.Json (Newtonsoft.Json)

v13.0.1

Compare Source

  • New feature - Add JsonSelectSettings with configuration for a regex timeout
  • Change - Remove portable assemblies from NuGet package
  • Change - JsonReader and JsonSerializer MaxDepth defaults to 64
  • Change - Change InvalidCastException to JsonSerializationException on mismatched JToken
  • Fix - Fixed throwing missing member error on ignored fields
  • Fix - Fixed various nullable annotations
  • Fix - Fixed annotations not being copied when tokens are cloned
  • Fix - Fixed naming strategy not being used when deserializing dictionary enum keys
  • Fix - Fixed serializing nullable struct dictionaries
  • Fix - Fixed JsonWriter.WriteToken to allow null with string token
  • Fix - Fixed missing error when deserializing JToken with a contract type mismatch
  • Fix - Fixed JTokenWriter when writing comment to an object

v12.0.3

Compare Source

  • New feature - Added support for nullable reference types
  • New feature - Added KebabCaseNamingStrategy
  • Change - Package now uses embedded package icon
  • Fix - Fixed bug when merging JToken with itself
  • Fix - Fixed performance of calling ICustomTypeDescriptor.GetProperties
  • Fix - Fixed serializing Enumerable.Empty and empty arrays on .NET Core 3.0
  • Fix - Fixed deserializing some collection types with constructor
  • Fix - Fixed deserializing IImmutableSet to ImmutableHashSet instead of ImmutableSortedSet
  • Fix - Fixed deserializing IImmutableDictionary to ImmutableDictionary instead of ImmutableSortedDictionary
  • Fix - Fixed deserializing into constructors with more than 256 parameters
  • Fix - Fixed hang when deserializing JTokenReader with preceding comment
  • Fix - Fixed JSONPath scanning with nested indexer
  • Fix - Fixed deserializing incomplete JSON object to JObject
  • Fix - Fixed using StringEnumConverter with naming strategy and specified values

v12.0.2

Compare Source

  • New feature - Added MissingMemberHandling to JsonObjectAttribute and JsonObjectContract
  • New feature - Added constructor to JTokenReader to specify initial path
  • New feature - Added JsonProperty.IsRequiredSpecified
  • New feature - Added JsonContract.InternalConverter
  • Change - Moved embedded debug symbols in NuGet package to a symbol package on NuGet.org
  • Fix - Fixed deserializing nullable struct collections
  • Fix - Fixed memory leak when serializing enums to named values
  • Fix - Fixed error when setting JsonLoadSettings.DuplicatePropertyNameHandling to Replace

v12.0.1

Compare Source

  • New feature - Added NuGet package signing
  • New feature - Added Authenticode assembly signing
  • New feature - Added SourceLink support
  • New feature - Added constructors to StringEnumConverter for setting AllowIntegerValue
  • New feature - Added JsonNameTable and JsonTextReader.PropertyNameTable
  • New feature - Added line information to JsonSerializationException
  • New feature - Added JObject.Property overload with a StringComparison
  • New feature - Added JsonMergeSettings.PropertyNameComparison
  • New feature - Added support for multiple Date constructors with JavaScriptDateTimeConverter
  • New feature - Added support for strict equals and strict not equals in JSON Path queries
  • New feature - Added EncodeSpecialCharacters setting to XmlNodeConverter
  • New feature - Added trace message for serializing to non-writable properties
  • New feature - Added support for NamingStrategy to StringEnumConverter
  • New feature - Added JsonLoadSettings.DuplicatePropertyNameHandling setting
  • Change - JTokenReader now uses JsonReader.DateTimeZoneHandling setting for date values
  • Change - Excluded TargetSite when serializing Exceptions without SerializableAttribute
  • Change - Changed StringEnumConverter.ctor(bool camelCaseText) to obsolete
  • Change - Changed StringEnumConverter.CamelCaseText to obsolete
  • Fix - Fixed incorrect overflow when reading decimal values from JSON
  • Fix - Fixed error message when trying to deserialize an abstract serializable type
  • Fix - Fixed parsing decimals from a string with an exponent
  • Fix - Fixed losing DateTime.Kind when deserializing ISO date strings
  • Fix - Fixed calling constructors with ref and in parameters
  • Fix - Fixed rare race condition in name table when serializing
  • Fix - Fixed unhelpful exception message when unable to convert JSON value to DateTime
  • Fix - Fixed error when deserializing empty array in DataTable
  • Fix - Fixed deserializing empty string to empty byte array
  • Fix - Fixed blank extension data values with required properties and deserializing with constructor
  • Fix - Fixed ignored values being set in extension data when deserializing
  • Fix - Fixed comparing equal integer and floating point values in JSON Path
  • Fix - Fixed BsonReader when reading multiple content
  • Fix - Fixed setting extension data with existing key
  • Fix - Fixed including array attribute in XML with namespaces when converting JSON to XML
  • Fix - Fixed error when serializing ref struct properties by excluding them from serialization

v11.0.2

Compare Source

  • Change - Revert DataContractAttribute to not force JSON object serialization (use JsonObjectAttribute instead)
  • Fix - Fixed JPropertyDesciptor.GetValue and SetValue to not throw for non-JObject argument
  • Fix - Fixed JObject ICustomTypeDescriptor.GetProperty to return the current instance
  • Fix - Fixed serializing FileInfo/DirectoryInfo with a JsonConverter in .NET Standard
  • Fix - Fixed serializing F# enums
  • Fix - Fixed serializing types with multiple members of the same name

v11.0.1

Compare Source

  • New feature - Added netstandard2.0 build
  • New feature - Added generic JsonConverter
  • New feature - Added UnixDateConverter for converting Unix timestamps
  • New feature - Added support for regex operator in JSON Paths
  • New feature - Added JsonObjectAttribute.ItemNullValueHandling
  • New feature - Added JsonObjectContract.ItemNullValueHandling
  • New feature - Improved performance when resolving serialization contracts by using ConcurrentDictionary
  • New feature - Improved performance of JToken.Path with a faster reverse
  • New feature - Improved performance of parsing Int32 JSON integer values
  • New feature - Improved performance of parsing and writing enum names
  • New feature - Added IgnoreIsSpecifiedMembers to DefaultContractResolver
  • New feature - Added IgnoreShouldSerializeMembers to DefaultContractResolver
  • New feature - Added support for reading multiple comma delimited values with JsonReader.SupportMultipleContent
  • New feature - Improved error message when an object is reused with PreserveReferencesHandling
  • New feature - Added IConvertible support to netstandard1.3
  • New feature - Added INotifyPropertyChanging support to netstandard1.3
  • New feature - Optimized internal buffering when writing very large strings
  • New feature - JObject.ContainsKey is now public
  • New feature - Improved the error message when serialized ByRef properties
  • New feature - Improved the error message when serializing FileInfo/DictionaryInfo without ISerializable
  • New feature - Improved the error message when failing conversion in JsonReader.ReadAsInt32 and JsonReader.ReadAsDecimal
  • New feature - Improved the error message when deserializing badly formatted regex strings
  • Change - Types that implement ISerializable but don't have [SerializableAttribute] are not serialized using ISerializable
  • Change - Changed JsonProperty.MemberConverter to obsolete
  • Change - Changed camel casing logic for all caps words to not leave last character capitalized
  • Change - Changed enum serialization in dictionary keys to use EnumMemberAttribute
  • Fix - Fixed converting default datetime in JSON to XML on netstandard1.3
  • Fix - Fixed deserializing ObservableCollection in .NET Core 2.0
  • Fix - Fixed incorrectly allowing static IsSpecified properties
  • Fix - Fixed not preserving trailing zeros when deserializing decimals
  • Fix - Fixed JValue.CompareTo with number and string values
  • Fix - Fixed not erroring when reading undefined for nullable long
  • Fix - Fixed serializing immutable collections when .NET 4.0 or previous Newtonsoft.Json assembly is GACed
  • Fix - Fixed writing null values by XmlNodeConverter and RegexConverter
  • Fix - Fixed deserializing with a TraceWriter when the reader is not at the start
  • Fix - Fixed TraceJsonWriter.WriteValue(object) writing value twice
  • Fix - Fixed deserializing with constructor and readonly collection property
  • Fix - Fixed error when writing unknown null value as JSON
  • Fix - Fixed merging null string values
  • Fix - Fixed missing CancellationToken usages in JsonTextWriter.WriteAsync
  • Fix - Fixed error with JsonSerializer.Populate and comments in JSON array
  • Fix - Fixed error handling when deserializing certain dictionary and lists
  • Fix - Fixed serializing collection that is nullable
  • Fix - Fixed JsonTextReader sync read in async method
  • Fix - Fixed JsonConverter not called when target type is list and token is a string
  • Fix - Fixed serializing a property that is defined in multiple interfaces
  • Fix - Fixed error when deserializing null value into ConcurrentDictionary
  • Fix - Fixed escaping special characters in generated JSON Paths
  • Fix - Fixed reading escaped special characters in JSON Paths
  • Fix - Fixed using extension data with dictionary that explicitly implements Add method
  • Fix - Fixed parsing enum name to exact casing value before falling back to case-insensitive value
  • Fix - Fixed DataContractAttribute not forcing object serialization of classes
  • Fix - Fixed bug when deserializing into existing non-IList collection
  • Fix - Fixed bug when deserializing into existing non-IDictionary collection
  • Fix - Fixed JsonReader.ReadAsInt32 with BigInteger values

auth0/node-jsonwebtoken (jsonwebtoken)

v9.0.0

Compare Source

Breaking changes: See Migration from v8 to v9

Breaking changes
Security fixes
  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

vercel/next.js (next)

v14.2.10

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
Credits

Huge thanks to @​huozhi and @​ijjk for helping!

v14.2.9

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • Revert "Fix esm property def in flight loader (#​66990)" (#​69749)
  • Disable experimental.optimizeServer by default to fix failed server action (#​69788)
  • Fix middleware fallback: false case (#​69799)
  • Fix status code for /_not-found route (#​64058) (#​69808)
  • Fix metadata prop merging (#​69807)
  • create-next-app: fix font file corruption when using import alias (#​69806)
Credits

Huge thanks to @​huozhi, @​ztanner, @​ijjk, and @​lubieowoce for helping!

v14.2.8

Compare Source

What's Changed

[!NOTE]
This release is backporting bug fixes and minor improvements. It does not include all pending features/changes on canary.

Support esmExternals in app directory
Reading cookies set in middleware in components and actions
  • initialize ALS with cookies in middleware (#​65008)
  • fix middleware cookie initialization (#​65820)
  • ensure cookies set in middleware can be read in a server action (#​67924)
  • fix: merged middleware cookies should preserve options (#​67956)
Metadata and icons
  • support facebook-specific metadata (fb:app_id, fb:admins) in generateMetaData (#​65713)
  • Always collect static icons for all segments (#​68712)
  • Fix favicon merging with customized icons (#​67982)
  • Warn metadataBase missing in standalone mode or non vercel deployment (#​66296)
Parallel routes fixes
  • fix missing stylesheets when parallel routes are present (#​69507)
Draft mode and edge improvements
next/image fixes
  • Allow external image urls with _next/image pathname to be rendered via Image component (#​69586)
Server actions improvements
  • optimize server actions (#​66523)
  • Apply optimization for unused actions (#​69178)
  • Improve SWC transform ID generation (#​69183)
Other changes
  • Ensure we match comment minify behavior between terser and swc (#​68372)
  • send initialCanonicalUrl in array format to prevent crawler confusion (#​69509)
Create-next-app updates

Full Changelog: vercel/next.js@v14.2.7...v14.2.8


Huge thanks to everyone who contributed to this release:
@​abhi12299, @​delbaoliveira, @​eps1lon, @​ForsakenHarmony, @​huozhi, @​ijjk, @​JoshuaKGoldberg, @​leerob, @​lubieowoce, @​Netail, @​ronanru, @​samcx, @​shuding, @​sokra, @​stylessh, @​timfuhrmann, @​wbinnssmith, @​wyattjoh, @​ypessoa, @​ztanner

redis/node-redis (redis)

v3.1.1

Compare Source

Enhancements
  • Upgrade node and dependencies
Fixes
  • Fix a potential exponential regex in monitor mode

v3.1.0

Compare Source

Enhancements
  • Upgrade node and dependencies and redis-commands to support Redis 6
  • Add support for Redis 6 auth pass [user]

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

This version is mainly a release to distribute all the unreleased changes on master since 2017 and additionally removes
a lot of old deprecated features and old internals in preparation for an upcoming modernization refactor (v4).

Breaking Changes
  • Dropped support for Node.js < 6
  • Dropped support for hiredis (no longer required)
  • Removed previously deprecated drain event
  • Removed previously deprecated idle event
  • Removed previously deprecated parser option
  • Removed previously deprecated max_delay option
  • Removed previously deprecated max_attempts option
  • Removed previously deprecated socket_no_delay option
Bug Fixes
  • Removed development files from published package (#​1370)
  • Duplicate function now allows db param to be passed (#​1311)
Features
  • Upgraded to latest redis-commands package
  • Upgraded to latest redis-parser package, v3.0.0, which brings performance improvements
  • Replaced double-ended-queue with denque, which brings performance improvements
  • Add timestamps to debug traces
  • Add socket_initial_delay option for socket.setKeepAlive (#​1396)
  • Add support for rediss protocol in url (#​1282)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "before 4am on Monday" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
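
The conditions listed in the three jsonwebtoken advisories above (CVE-2022-23540, CVE-2022-23541, CVE-2022-23539), as an added example that is not part of this PR or of jsonwebtoken: an audit of the inputs to a jwt.verify()-style call, written with Node's built-in crypto only. The names auditVerifyCall, makeToken and toKeyObject are hypothetical, and the tokens are constructed, unsigned samples.

```javascript
// Added example (not jsonwebtoken code): audits the token, key and algorithms
// that would be handed to a jwt.verify()-style call.
const crypto = require('node:crypto');

// Key type / algorithm table from the CVE-2022-23539 advisory text.
const KEY_TYPES = {
  ES256: ['ec'], ES384: ['ec'], ES512: ['ec'],
  RS256: ['rsa'], RS384: ['rsa'], RS512: ['rsa'],
  PS256: ['rsa', 'rsa-pss'], PS384: ['rsa', 'rsa-pss'], PS512: ['rsa', 'rsa-pss'],
};
// Curve required for each ECDSA algorithm, from the same advisory.
const CURVES = { ES256: 'prime256v1', ES384: 'secp384r1', ES512: 'secp521r1' };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Builds an unsigned, constructed token; the audit only reads the header.
function makeToken(alg) {
  return `${b64url({ alg, typ: 'JWT' })}.${b64url({ sub: 'constructed-sample' })}.`;
}

// Returns the alg claimed by the token header, or null if it cannot be read.
function headerAlg(token) {
  try {
    const raw = Buffer.from(String(token).split('.')[0], 'base64url').toString('utf8');
    const header = JSON.parse(raw);
    return typeof header.alg === 'string' ? header.alg : null;
  } catch {
    return null;
  }
}

// Turns PEM text or a KeyObject into a KeyObject; unparseable input is a shared secret.
function toKeyObject(key) {
  if (key instanceof crypto.KeyObject) {
    return key.type === 'private' ? crypto.createPublicKey(key) : key;
  }
  try {
    return crypto.createPublicKey(key);
  } catch {
    return crypto.createSecretKey(Buffer.from(key));
  }
}

// Returns a list of findings; an empty list means none of the advisory conditions hold.
function auditVerifyCall(token, key, algorithms) {
  const findings = [];
  const allowList = Array.isArray(algorithms) && algorithms.length > 0 ? algorithms : null;
  if (!allowList) findings.push('CVE-2022-23540: no algorithms specified');
  if (!key) findings.push('CVE-2022-23540: falsy secret or key');

  const alg = headerAlg(token);
  if (alg === null) return findings.concat('token header has no readable alg');
  const isNone = alg.toLowerCase() === 'none';
  if (isNone) findings.push('CVE-2022-23540: token declares alg none');
  if (allowList && !allowList.includes(alg)) findings.push(`alg ${alg} is not in the allow-list`);
  if (!key || isNone) return findings;

  const keyObject = toKeyObject(key);
  if (alg.startsWith('HS')) {
    // Asymmetric key material must never double as an HMAC secret.
    if (keyObject.type !== 'secret') {
      findings.push(`CVE-2022-23541: ${keyObject.asymmetricKeyType} public key used as ${alg} secret`);
    }
  } else if (KEY_TYPES[alg]) {
    if (keyObject.type === 'secret') {
      findings.push(`shared secret cannot verify ${alg}`);
    } else if (!KEY_TYPES[alg].includes(keyObject.asymmetricKeyType)) {
      findings.push(`CVE-2022-23539: ${keyObject.asymmetricKeyType} key with ${alg}`);
    } else if (CURVES[alg] && keyObject.asymmetricKeyDetails.namedCurve !== CURVES[alg]) {
      findings.push(`CVE-2022-23539: curve ${keyObject.asymmetricKeyDetails.namedCurve} with ${alg}`);
    }
  }
  return findings;
}
```

An empty result only means the inputs avoid the advisory conditions; signature verification itself is still left to the library.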

pulumi-renovate bot added the dependencies and impact/no-changelog-required labels Dec 7, 2024
blampe merged commit 7fe3d2f into master Dec 9, 2024
47 checks passed
blampe deleted the renovate/security branch December 9, 2024 18:19