Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed #198

Closed
wants to merge 1 commit into from
Closed

chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed #198

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 4, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change
set-value 0.4.3 -> 2.0.1

GitHub Vulnerability Alerts

CVE-2019-10747

Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.

Recommendation

If you are using set-value 3.x, upgrade to version 3.0.1 or later.
If you are using set-value 2.x, upgrade to version 2.0.1 or later.

CVE-2021-23440

This affects the package set-value before 2.0.1, and starting with 3.0.0 but prior to 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@commit-lint
Copy link

commit-lint bot commented Mar 4, 2021
edited

Chore

  • deps: update dependency set-value to 2.0.1 [security] (ca64930)

Contributors

renovate[bot]

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

  • @Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
  • @Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
  • @Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
  • @Commit-Lint merge disable will desactivate merge dependabot PR
  • @Commit-Lint review will approve dependabot PR
  • @Commit-Lint stop review will stop approve dependabot PR

@coveralls
Copy link

Coverage Status

Coverage remained the same at 100.0% when pulling 2466d7d on renovate/npm-set-value-vulnerability into 7b3852c on master.

@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 4.0.1 [security] Oct 19, 2021
@renovate renovate bot changed the title chore(deps): update dependency set-value to 4.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] Mar 7, 2022
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - abandoned Mar 25, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Mar 25, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - abandoned chore(deps): update dependency set-value to 2.0.1 [security] Mar 25, 2023
@renovate renovate bot force-pushed the renovate/npm-set-value-vulnerability branch from 2466d7d to ca64930 Compare March 25, 2023 05:19
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 25, 2023
@renovate renovate bot closed this Mar 25, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 25, 2023 07:31
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Mar 25, 2023
@renovate renovate bot reopened this Mar 25, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch March 25, 2023 09:20
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 27, 2023
@renovate renovate bot closed this Mar 27, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 27, 2023 23:46
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Mar 28, 2023
@renovate renovate bot reopened this Mar 28, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch March 28, 2023 00:25
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 28, 2023
@renovate renovate bot closed this Mar 28, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 28, 2023 05:57
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Mar 28, 2023
@renovate renovate bot reopened this Mar 28, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch March 28, 2023 08:02
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 28, 2023
@renovate renovate bot closed this Mar 28, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 28, 2023 09:43
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Mar 31, 2023
@renovate renovate bot reopened this Mar 31, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch March 31, 2023 18:07
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 31, 2023
@renovate renovate bot closed this Mar 31, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 31, 2023 19:14
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Mar 31, 2023
@renovate renovate bot reopened this Mar 31, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch March 31, 2023 22:17
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Mar 31, 2023
@renovate renovate bot closed this Mar 31, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch March 31, 2023 22:56
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Apr 1, 2023
@renovate renovate bot reopened this Apr 1, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch April 1, 2023 05:23
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Apr 3, 2023
@renovate renovate bot closed this Apr 3, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch April 3, 2023 10:27
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Apr 3, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch April 3, 2023 18:00
@renovate renovate bot reopened this Apr 3, 2023
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed Apr 17, 2023
@renovate renovate bot closed this Apr 17, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch April 17, 2023 11:54
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed chore(deps): update dependency set-value to 2.0.1 [security] Apr 18, 2023
@renovate renovate bot reopened this Apr 18, 2023
@renovate renovate bot restored the renovate/npm-set-value-vulnerability branch April 18, 2023 09:54
@renovate renovate bot changed the title chore(deps): update dependency set-value to 2.0.1 [security] chore(deps): update dependency set-value to 2.0.1 [security] - autoclosed May 28, 2023
@renovate renovate bot closed this May 28, 2023
@renovate renovate bot deleted the renovate/npm-set-value-vulnerability branch May 28, 2023 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@coveralls