Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): pin dependency mongodb to v2.2.36 [security] #77

Merged
merged 1 commit into from
Jan 21, 2022
Merged

fix(deps): pin dependency mongodb to v2.2.36 [security] #77

merged 1 commit into from
Jan 21, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 11, 2022
edited

WhiteSource Renovate

This PR contains the following updates:

Package Type Update Change
mongodb dependencies pin ^2.2.30 -> 2.2.36

GitHub Vulnerability Alerts

GHSA-mh5c-679w-hh4r

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.

Recommendation

Upgrade to version 3.1.13 or later.

πŸ“Œ Important: Renovate will wait until you have merged this Pin PR before creating any upgrade PRs for the affected packages. Add the preset :preserveSemverRanges to your config if you instead don't wish to pin dependencies.

Configuration

πŸ“… Schedule: "" (UTC).

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the renovate label Jan 11, 2022
@renovate renovate bot changed the title chore(deps): update dependency mongodb to 3.1.13 [security] chore(deps): update dependency mongodb to 3.1.13 [security] - autoclosed Jan 21, 2022
@renovate renovate bot closed this Jan 21, 2022
@renovate renovate bot deleted the renovate/npm-mongodb-vulnerability branch January 21, 2022 16:08
@renovate renovate bot changed the title chore(deps): update dependency mongodb to 3.1.13 [security] - autoclosed chore(deps): update dependency mongodb to 3.1.13 [security] Jan 21, 2022
@renovate renovate bot reopened this Jan 21, 2022
@renovate renovate bot restored the renovate/npm-mongodb-vulnerability branch January 21, 2022 16:18
@renovate renovate bot force-pushed the renovate/npm-mongodb-vulnerability branch from eb23671 to f05f25b Compare January 21, 2022 16:28
@renovate renovate bot changed the title chore(deps): update dependency mongodb to 3.1.13 [security] fix(deps): update dependency mongodb to v4 [security] Jan 21, 2022
@renovate renovate bot force-pushed the renovate/npm-mongodb-vulnerability branch from f05f25b to ad660e5 Compare January 21, 2022 16:31
@renovate renovate bot changed the title fix(deps): update dependency mongodb to v4 [security] fix(deps): update dependency mongodb to v3 [security] Jan 21, 2022
@renovate renovate bot force-pushed the renovate/npm-mongodb-vulnerability branch from ad660e5 to 1ca7b3a Compare January 21, 2022 17:17
@renovate renovate bot changed the title fix(deps): update dependency mongodb to v3 [security] fix(deps): pin dependency mongodb to v2.2.36 [security] Jan 21, 2022
@renovate renovate bot force-pushed the renovate/npm-mongodb-vulnerability branch from 1ca7b3a to 2f97071 Compare January 21, 2022 17:34
@ojeytonwilliams ojeytonwilliams merged commit 5ed4539 into master Jan 21, 2022
@ojeytonwilliams ojeytonwilliams deleted the renovate/npm-mongodb-vulnerability branch January 21, 2022 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ojeytonwilliams @renovate-bot