-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency dot-prop to 4.2.1 [security] - abandoned #466
base: master
Are you sure you want to change the base?
Conversation
Codecov Report
@@ Coverage Diff @@
## master #466 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 1 1
Lines 4 4
=========================================
Hits 4 4 Continue to review full report at Codecov.
|
3479c40
to
211d374
Compare
f5ef365
to
565043f
Compare
8f3129c
to
cf0545d
Compare
9bee405
to
c5a9a0d
Compare
3dadfc0
to
32ce336
Compare
bcdd0fa
to
6033899
Compare
6033899
to
8c1077b
Compare
8c1077b
to
9fc7270
Compare
9fc7270
to
852b22d
Compare
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
This PR contains the following updates:
3.0.0
->4.2.1
GitHub Vulnerability Alerts
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.