Gum-Joe / 2Keys

An easy to setup second keyboard, designed for everyone.
GNU General Public License v3.0

🚨 [security] Update codecov: 3.6.1 → 3.6.5 (patch) #64

Closed depfu[bot] closed 4 years ago

depfu[bot] commented 4 years ago

🚨 Your version of codecov has known security vulnerabilities 🚨

Advisory: CVE-2020-7597
Disclosed: February 19, 2020
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-7597

Moderate severity vulnerability that affects codecov

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.


🚨 We recommend merging and deploying this update as soon as possible! 🚨


Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ codecov (3.6.1 → 3.6.5) · Repo

Release Notes

3.6.4

Fix for Cirrus CI

3.6.3

AWS Codebuild fixes + package updates

3.6.2

command line args sanitised



Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands:

@depfu rebase: Rebases against your default branch and redoes this update
@depfu recreate: Recreates this PR, overwriting any edits that you've made to it
@depfu merge: Merges this PR once your tests are passing and conflicts are resolved
@depfu close: Closes this PR and deletes the branch
@depfu reopen: Restores the branch and reopens this PR (if it's closed)
@depfu pause: Ignores all future updates for this dependency and closes this PR
@depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
@depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)

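
The advisory quoted in the comment above concerns a gcov-root value that reaches `exec`. As an added example (not codecov-node's code and not part of the original thread), the JavaScript below contrasts a command built as a shell string with the same arguments passed as an argv array to a child started without a shell. The function names, the `find` command line, the `/srv/project` directory and the sample value are assumptions made for illustration.

```javascript
// Added example: NOT codecov-node's code. Names and the `find` line are assumptions.
const { execFileSync } = require('child_process');
const path = require('path');

// Pattern the advisory describes: user input spliced into a string that a
// shell then parses, so metacharacters in the value become shell syntax.
function shellString(gcovRoot) {
  return `find ${gcovRoot} -type f -name '*.gcno'`;
}

// Safer pattern: program and arguments stay separate; no shell parses them.
function findArgv(gcovRoot) {
  return [gcovRoot, '-type', 'f', '-name', '*.gcno'];
}

// Confine the value to the project directory. Returning an absolute path also
// stops a value that begins with "-" from being read as an option.
function resolveGcovRoot(value, projectDir) {
  if (typeof value !== 'string' || value === '' || value.includes('\0')) {
    throw new TypeError('gcov root must be a non-empty string without NUL');
  }
  const resolved = path.resolve(projectDir, value);
  const rel = path.relative(projectDir, resolved);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new RangeError('gcov root must stay inside the project directory');
  }
  return resolved;
}

// Spawn a child WITHOUT a shell and report the argv it received.
// The child is this Node binary, used as a harmless stand-in for `find`.
function argvSeenByChild(args) {
  const echo = 'process.stdout.write(JSON.stringify(process.argv.slice(1)))';
  const out = execFileSync(process.execPath, ['-e', echo, '--', ...args],
    { encoding: 'utf8' });
  return JSON.parse(out);
}

// Constructed sample value containing shell metacharacters.
const sample = 'build; echo INJECTED';
const safeRoot = resolveGcovRoot(sample, '/srv/project');
console.log(shellString(sample));                 // string a shell would re-parse
console.log(argvSeenByChild(findArgv(safeRoot))); // value stays one literal argument
```

With the argv form the value needs no character stripping, since nothing ever parses it as shell syntax; the containment check is still needed to limit which paths the tool will walk.
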
codecov[bot] commented 4 years ago

Codecov Report

Merging #64 into master will not change coverage by %. The diff coverage is n/a.


@@           Coverage Diff           @@
##           master      #64   +/-   ##
=======================================
  Coverage   58.91%   58.91%           
=======================================
  Files           7        7           
  Lines         202      202           
  Branches       25       25           
=======================================
  Hits          119      119           
  Misses         76       76           
  Partials        7        7           


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update d3b17dd...c458489.