376: chore(deps): update dependency husky to v7.0.4 r=jbolda a=renovate[bot]

[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [husky](https://typicode.github.io/husky) ([source](https://togithub.com/typicode/husky)) | [`7.0.2` -> `7.0.4`](https://renovatebot.com/diffs/npm/husky/7.0.2/7.0.4) | [![age](https://badges.renovateapi.com/packages/npm/husky/7.0.4/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/husky/7.0.4/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/husky/7.0.4/compatibility-slim/7.0.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/husky/7.0.4/confidence-slim/7.0.2)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>typicode/husky</summary>

### [`v7.0.4`](https://togithub.com/typicode/husky/releases/v7.0.4)

[Compare Source](https://togithub.com/typicode/husky/compare/v7.0.3...v7.0.4)

*No changes. Husky v7.0.3 was reverted, this version is the same as v7.0.2.*

### [`v7.0.3`](https://togithub.com/typicode/husky/compare/v7.0.2...v7.0.3)

[Compare Source](https://togithub.com/typicode/husky/compare/v7.0.2...v7.0.3)

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/jbolda/gatsby-source-airtable).

377: chore(deps): update dependency nock to v13.2.1 r=jbolda a=renovate[bot]

[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [nock](https://togithub.com/nock/nock) | [`13.1.3` -> `13.2.1`](https://renovatebot.com/diffs/npm/nock/13.1.3/13.2.1) | [![age](https://badges.renovateapi.com/packages/npm/nock/13.2.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/nock/13.2.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/nock/13.2.1/compatibility-slim/13.1.3)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/nock/13.2.1/confidence-slim/13.1.3)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>nock/nock</summary>

### [`v13.2.1`](https://togithub.com/nock/nock/releases/v13.2.1)

[Compare Source](https://togithub.com/nock/nock/compare/v13.2.0...v13.2.1)

##### Bug Fixes

- **type:** add `update` type for record mode ([#2250](https://togithub.com/nock/nock/issues/2250)) ([e8f23b1](https://togithub.com/nock/nock/commit/e8f23b1fc53ecfa7054de1bef2531b39c9218041)), closes [#2241](https://togithub.com/nock/nock/issues/2241)

### [`v13.2.0`](https://togithub.com/nock/nock/releases/v13.2.0)

[Compare Source](https://togithub.com/nock/nock/compare/v13.1.4...v13.2.0)

##### Features

- **record:** `update` mode ([#2241](https://togithub.com/nock/nock/issues/2241)) ([1cb4880](https://togithub.com/nock/nock/commit/1cb4880730621eabc918dbc0dac8713de894290a))

### [`v13.1.4`](https://togithub.com/nock/nock/releases/v13.1.4)

[Compare Source](https://togithub.com/nock/nock/compare/v13.1.3...v13.1.4)

##### Bug Fixes

- send Buffer with length ([#2232](https://togithub.com/nock/nock/issues/2232)) ([8fcc607](https://togithub.com/nock/nock/commit/8fcc607433590e1993d552a06a041e3061d1905b))

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/jbolda/gatsby-source-airtable).

387: chore(deps): update dependency node-forge to 1.0.0 [security] r=jbolda a=renovate[bot]

[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change |
|---|---|
| node-forge | [`0.10.0` -> `1.0.0`](https://renovatebot.com/diffs/npm/node-forge/0.10.0/1.0.0) |

### GitHub Vulnerability Alerts

#### [GHSA-5rrq-pxf6-6jx5](https://togithub.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5)

### Impact

The `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.

### Patches

The `forge.debug` API and related functions were removed in 1.0.0.

### Workarounds

Don't use the `forge.debug` API directly or indirectly with untrusted input.

### References

- https://www.huntr.dev/bounties/1-npm-node-forge/

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [forge](https://togithub.com/digitalbazaar/forge).
* Email us at support@digitalbazaar.com.

#### [GHSA-gf8q-jrpm-jvxq](https://togithub.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq)

### Impact

The regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.

### Patches

`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.

### Workarounds

Ensure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.

### References

- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [forge](https://togithub.com/digitalbazaar/forge)
* Email us at support@digitalbazaar.com

#### [CVE-2022-0122](https://nvd.nist.gov/vuln/detail/CVE-2022-0122)

parseUrl functionality in node-forge mishandles certain uses of backslash such as https:/\/\/\ and interprets the URI as a relative path.

---

### Configuration

📅 **Schedule**: "" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/jbolda/gatsby-source-airtable).

390: chore(deps): update dependency url-parse to 1.5.2 [security] r=jbolda a=renovate[bot]

[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change |
|---|---|
| url-parse | [`1.5.1` -> `1.5.2`](https://renovatebot.com/diffs/npm/url-parse/1.5.1/1.5.2) |

### GitHub Vulnerability Alerts

#### [CVE-2021-3664](https://nvd.nist.gov/vuln/detail/CVE-2021-3664)

# Overview

Affected versions of npm `url-parse` are vulnerable to URL Redirection to Untrusted Site.

# Impact

Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior.

---

### Configuration

📅 **Schedule**: "" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/jbolda/gatsby-source-airtable).

Co-authored-by: Renovate Bot <bot@renovateapp.com>
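
The node-forge advisory above points applications to the WHATWG URL Standard API, and both URL advisories concern redirect and allow-list decisions made on a mis-parsed URL. The following is an added example, not part of the commit message and not code from node-forge, url-parse or this repository: a redirect check that decides on the parsed result rather than the raw string. `APP_ORIGIN`, `ALLOWED_HOSTS`, `checkRedirect` and `naiveLooksRelative` are hypothetical names, and the sample inputs are constructed.

```javascript
// Hypothetical application values, constructed for this example.
const APP_ORIGIN = 'https://app.example';
const ALLOWED_HOSTS = new Set(['app.example', 'cdn.app.example']);

// Resolve the target with the WHATWG URL parser (the same algorithm browsers
// use), then decide on the parsed fields, never on the raw string.
function checkRedirect(target) {
  let url;
  try {
    url = new URL(target, APP_ORIGIN);
  } catch {
    return { allowed: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') {
    return { allowed: false, reason: 'scheme ' + url.protocol };
  }
  if (url.username || url.password) {
    return { allowed: false, reason: 'userinfo present' };
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { allowed: false, reason: 'host ' + url.hostname };
  }
  return { allowed: true, href: url.href };
}

// Hypothetical raw-string check of the kind a mis-parse leads to:
// "no '//' in the input, so it must be a relative path".
function naiveLooksRelative(target) {
  return !target.includes('//');
}

// Constructed inputs; the last one uses the backslash form quoted in
// CVE-2022-0122 followed by a placeholder host.
const samples = [
  '/dashboard?tab=1',
  'https://cdn.app.example/logo.png',
  'https:/\\/\\/\\other.example/login',
];
for (const s of samples) {
  console.log(JSON.stringify(s), naiveLooksRelative(s), checkRedirect(s));
}
```

For special schemes such as `https:`, the WHATWG parser treats backslashes like forward slashes, so the third input resolves to the host `other.example` and is rejected even though the string check classifies it as relative.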