DevExpress / devextreme-renovation

5 stars 16 forks source link

chore(deps): update dependency minimist to v1.2.6 [security] - autoclosed #952

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
minimist 1.2.5 -> 1.2.6 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-44906

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).


Release Notes

minimistjs/minimist (minimist) ### [`v1.2.6`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v126---2022-03-21) [Compare Source](https://togithub.com/minimistjs/minimist/compare/v1.2.5...v1.2.6) ##### Commits - test from prototype pollution PR [`bc8ecee`](https://togithub.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb) - isConstructorOrProto adapted from PR [`c2b9819`](https://togithub.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d) - security notice for additional prototype pollution issue [`ef88b93`](https://togithub.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.