fix(deps): update dependency mongoose to v5.13.20 [security] #295

Merged
timoa merged 1 commit into develop from fix/deps/npm-mongoose-vulnerability
Aug 3, 2023

@renovate renovate Bot commented Jul 19, 2023

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| ------- | ------ | --- | -------- | ------- | ---------- |
| mongoose (source) | 5.13.19 -> 5.13.20 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.


Release Notes

Automattic/mongoose (mongoose)

v5.13.20


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate Bot added the dependencies (Pull requests that update a dependency file) and security labels Jul 19, 2023
renovate Bot commented Jul 19, 2023

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

@renovate renovate Bot force-pushed the fix/deps/npm-mongoose-vulnerability branch 2 times, most recently from 16a8fe9 to 3176d11, July 31, 2023 20:03
@github-actions github-actions Bot left a comment

Scan Summary

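| Tool | Critical | High | Medium | Low | Status |
| ---- | -------- | ---- | ------ | --- | ------ |
| Dependency Scan (universal) | 0 | 1 | 1 | 0 | |
| Security Audit for Infrastructure | 0 | 1 | 0 | 0 | |
| Shell Script Analysis | 0 | 0 | 0 | 0 | |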

Recommendation

Looks good ✔️

@renovate renovate Bot force-pushed the fix/deps/npm-mongoose-vulnerability branch 4 times, most recently from 947fdea to 2dc96f4, August 2, 2023 06:29

| datasource | package  | from    | to      |
| ---------- | -------- | ------- | ------- |
| npm        | mongoose | 5.13.19 | 5.13.20 |

@renovate renovate Bot force-pushed the fix/deps/npm-mongoose-vulnerability branch from 2dc96f4 to 1b2baaa, August 3, 2023 16:06
@github-actions github-actions Bot left a comment

Scan Summary

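| Tool | Critical | High | Medium | Low | Status |
| ---- | -------- | ---- | ------ | --- | ------ |
| Dependency Scan (universal) | 0 | 1 | 1 | 0 | |
| Shell Script Analysis | 0 | 0 | 0 | 0 | |
| Security Audit for Infrastructure | 0 | 1 | 0 | 0 | |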

Recommendation

Looks good ✔️

@timoa timoa merged commit e592d13 into develop Aug 3, 2023
@timoa timoa deleted the fix/deps/npm-mongoose-vulnerability branch August 3, 2023 16:12