Financial-Times / tako

🐙 A GitHub App that provides an API listing the repositories it is installed on.
MIT License
4 stars 0 forks

Update dependency codecov to v3.6.5 [SECURITY] #192

Closed renovate[bot] closed 4 years ago

renovate[bot] commented 4 years ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| codecov | devDependencies | minor | 3.2.0 -> 3.6.5 |

GitHub Vulnerability Alerts

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.


Release Notes

codecov/codecov-node

### [`v3.6.5`](https://togithub.com/codecov/codecov-node/compare/v3.6.4...ebe132e8b9002a15678a0ad66fa0db8f5baee352)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.4...ebe132e8b9002a15678a0ad66fa0db8f5baee352)

### [`v3.6.4`](https://togithub.com/codecov/codecov-node/releases/v3.6.4)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.3...v3.6.4)

Fix for Cirrus CI

### [`v3.6.3`](https://togithub.com/codecov/codecov-node/releases/v3.6.3)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.2...v3.6.3)

AWS Codebuild fixes + package updates

### [`v3.6.2`](https://togithub.com/codecov/codecov-node/releases/v3.6.2)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.1...v3.6.2)

command line args sanitised

### [`v3.6.1`](https://togithub.com/codecov/codecov-node/releases/v3.6.1)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.0...v3.6.1)

Fix for Semaphore

### [`v3.6.0`](https://togithub.com/codecov/codecov-node/releases/v3.6.0)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/e98d176505b669fe2973336fe9c037e6ea4f2948...v3.6.0)

AWS CodeBuild Semaphore v2

### [`v3.5.0`](https://togithub.com/codecov/codecov-node/compare/v3.4.0...e98d176505b669fe2973336fe9c037e6ea4f2948)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.4.0...e98d176505b669fe2973336fe9c037e6ea4f2948)

### [`v3.4.0`](https://togithub.com/codecov/codecov-node/compare/v3.3.0...v3.4.0)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.3.0...v3.4.0)

### [`v3.3.0`](https://togithub.com/codecov/codecov-node/releases/v3.3.0)

[Compare Source](https://togithub.com/codecov/codecov-node/compare/e427d900309adb50746a39a50aa7d80071a5ddd0...v3.3.0)

Added pipe `--pipe`, `-l`

Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
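The bug class named in the CVE-2020-7597 alert above (an option value reaching `exec`), shown as an added example that is not part of this PR or of codecov-node's source: the same value is passed once through a shell string and once as an argv entry. The function names, the `echo` stand-in for the external tool and the sample value are assumptions constructed for illustration; it needs a POSIX system with `/bin/sh` and an `echo` binary.

```javascript
// Added example (constructed; not codecov-node code).
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the external tool a coverage uploader would invoke.
const TOOL = 'echo';

// Unsafe pattern: the option value is pasted into a string that /bin/sh parses,
// so shell metacharacters inside the value are treated as shell syntax.
function runViaShell(gcovRoot) {
  return execSync(`${TOOL} root=${gcovRoot}`, { encoding: 'utf8' });
}

// Safer pattern: no shell is involved; the value reaches the tool
// as exactly one argv entry, whatever characters it contains.
function runViaArgv(gcovRoot) {
  return execFileSync(TOOL, [`root=${gcovRoot}`], { encoding: 'utf8' });
}

// Defence in depth: accept only plain relative or absolute paths,
// and refuse values that a tool could mistake for an option.
function isPlainPath(value) {
  return typeof value === 'string' &&
    /^[A-Za-z0-9_.\/-]+$/.test(value) &&
    !value.startsWith('-');
}

// Constructed sample value containing a shell command separator.
const untrusted = 'build; echo SECOND_COMMAND_RAN';

console.log('shell string :', JSON.stringify(runViaShell(untrusted)));
console.log('argv array   :', JSON.stringify(runViaArgv(untrusted)));
console.log('passes check :', isPlainPath(untrusted));
```

In the shell-string form the output has two lines because the shell ran a second command; in the argv form the whole value comes back as one literal argument.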