Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency systeminformation to version 4.27.11 馃専 #9068

Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 3, 2020

This PR contains the following updates:

Package Type Update Change
systeminformation (source) dependencies minor 4.26.9 -> 4.27.11

GitHub Vulnerability Alerts

CVE-2020-7752

Impact

command injection vulnerability

Patches

Problem was fixed with a shell string sanitation fix. Please upgrade to version >= 4.27.11

Workarounds

If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite()

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory:

Release Notes

sebhildebrandt/systeminformation

v4.27.11

Compare Source

v4.27.10

Compare Source

v4.27.9

Compare Source

v4.27.8

Compare Source

v4.27.7

Compare Source

v4.27.6

Compare Source

v4.27.5

Compare Source

v4.27.4

Compare Source

v4.27.3

Compare Source

v4.27.2

Compare Source

v4.27.1

Compare Source

v4.27.0

Compare Source

v4.26.12

Compare Source

v4.26.11

Compare Source

v4.26.10

Compare Source


Renovate configuration

馃搮 Schedule: "" in timezone America/New_York.

馃殾 Automerge: Disabled by config. Please merge this manually once you are satisfied.

鈾伙笍 Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

馃敃 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Nov 3, 2020
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Nov 3, 2020

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

@jennifer-shehane
Copy link
Member

Found GitHub alerting about this being a security vulnerability, so might as well update. https://github.com/cypress-io/cypress/network/alert/packages/server/package.json/systeminformation/open

Copy link
Member

@jennifer-shehane jennifer-shehane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed a bunch of bugs.

Screen Shot 2020-11-03 at 3 44 43 PM

@cypress
Copy link

cypress bot commented Nov 3, 2020



Test summary

8668 0 124 3Flakiness 1


Run details

Project cypress
Status Passed
Commit 9211a67
Started Nov 3, 2020 9:17 AM
Ended Nov 3, 2020 9:28 AM
Duration 11:26 馃挕
OS Linux Debian - 10.2
Browser Multiple

View run in Cypress Dashboard 鉃★笍


Flakiness

cypress/integration/retries.ui.spec.js 1聽Flakiness
1 runner/cypress retries.ui.spec > opens attempt on each attempt failure for the screenshot, and closes after test passes

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

@jennifer-shehane jennifer-shehane merged commit 0237380 into develop Nov 3, 2020
@renovate renovate bot deleted the renovate/npm-systeminformation-vulnerability branch November 3, 2020 09:46
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Nov 9, 2020

Released in 5.6.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v5.6.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Nov 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
renovate Triggered by renovatebot type: dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants