Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency is-svg to 4.3.0 [SECURITY] #224

Merged
merged 1 commit into from
Jan 26, 2022
Merged

Update dependency is-svg to 4.3.0 [SECURITY] #224

merged 1 commit into from
Jan 26, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 8, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change
is-svg 3.0.0 -> 4.3.0

GitHub Vulnerability Alerts

CVE-2021-28092

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.

CVE-2021-29059

A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the renovate label Dec 8, 2021
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch from 05b557c to 36ec0e4 Compare December 18, 2021 03:39
@renovate renovate bot changed the title Update dependency is-svg to 4.2.2 [SECURITY] Update dependency is-svg to 4.3.0 [SECURITY] Dec 18, 2021
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch from 36ec0e4 to 0a7a35a Compare December 25, 2021 03:15
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch 2 times, most recently from 9976b06 to c9e1ea1 Compare January 3, 2022 02:36
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch from c9e1ea1 to a2e35ce Compare January 15, 2022 03:26
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch 2 times, most recently from 054c19c to 872ead7 Compare January 22, 2022 17:17
@renovate renovate bot force-pushed the renovate/npm-is-svg-vulnerability branch from 872ead7 to e60b830 Compare January 26, 2022 13:41
@hrigner hrigner merged commit 9b7dfcf into master Jan 26, 2022
@hrigner hrigner deleted the renovate/npm-is-svg-vulnerability branch January 26, 2022 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@hrigner @renovate-bot