Open renovate[bot] opened 5 months ago
vercel[bot]
commented
5 months ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| blog | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 28, 2024 5:33pm |
changeset-bot[bot]
commented
5 months ago Latest commit: 67466f19fcded399b9b25fbe22f1b12dbc8d2b87
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
This PR contains the following updates:
3.0.2->3.0.3GitHub Vulnerability Alerts
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the
compileClient,compileFileClient, orcompileClientWithDependenciesTrackedfunction. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.Release Notes
pugjs/pug (pug)
### [`v3.0.3`](https://redirect.github.com/pugjs/pug/releases/tag/pug%403.0.3) [Compare Source](https://redirect.github.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3) ##### Bug Fixes - Update pug-code-gen with the following fix: ([#3438](https://redirect.github.com/pugjs/pug/issues/3438)) Validate `templateName` and `globals` are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation optionsConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.