Update dependency docsify to 4.12.0 [SECURITY] #750

renovate · 2021-03-04T13:34:17Z

This PR contains the following updates:

Package	Change
docsify	`4.11.6` -> `4.12.0`

GitHub Vulnerability Alerts

CVE-2021-23342

This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

Update dependency docsify to 4.12.0 [SECURITY]

9981cdd

renovate bot force-pushed the renovate/npm-docsify-vulnerability branch from a435bc2 to 9981cdd Compare March 4, 2021 16:45

goce-cz merged commit d6e676b into master Mar 4, 2021

goce-cz deleted the renovate/npm-docsify-vulnerability branch March 4, 2021 18:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency docsify to 4.12.0 [SECURITY] #750

Update dependency docsify to 4.12.0 [SECURITY] #750

renovate bot commented Mar 4, 2021 •

edited

Update dependency docsify to 4.12.0 [SECURITY] #750

Update dependency docsify to 4.12.0 [SECURITY] #750

Conversation

renovate bot commented Mar 4, 2021 • edited

GitHub Vulnerability Alerts

CVE-2021-23342

Renovate configuration

renovate bot commented Mar 4, 2021 •

edited