-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency ua-parser-js to v0.7.33 [security] #841
base: master
Are you sure you want to change the base?
Conversation
34799a4
to
21da58e
Compare
21da58e
to
480cb13
Compare
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: yarn.lock
|
|
This PR contains the following updates:
0.7.23
->0.7.33
GitHub Vulnerability Alerts
CVE-2022-25927
Description:
A regular expression denial of service (ReDoS) vulnerability has been discovered in
ua-parser-js
.Impact:
This vulnerability bypass the library's
MAX_LENGTH
input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition.Affected Versions:
All versions of the library prior to version
0.7.33
/1.0.33
.Patches:
A patch has been released to remove the vulnerable regular expression, update to version
0.7.33
/1.0.33
or later.References:
Regular expression Denial of Service - ReDoS
Credits:
Thanks to @Snyk who first reported the issue.
Release Notes
faisalman/ua-parser-js (ua-parser-js)
v0.7.33
Compare Source
v0.7.32
Compare Source
v0.7.31
Compare Source
v0.7.30
Compare Source
v0.7.28
Compare Source
v0.7.27
Compare Source
v0.7.26
Compare Source
v0.7.25
Compare Source
v0.7.24
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.