ZhelinCheng / bilibili-downloader

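Bilibili personal-feed video download assistant. It supports downloading 4K videos from your Bilibili personal feed; once the program is running, new videos from the uploaders (UP主) you follow are downloaded and saved as soon as they are published.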
MIT License
61 stars, 4 forks

fix(deps): update dependency sqlite3 to v5.1.5 [security] #111

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| sqlite3 | 5.1.2 -> 5.1.5 |

GitHub Vulnerability Alerts

CVE-2022-43441

Impact

Due to the underlying implementation of .ToString(), it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object.

Users of sqlite3 v5.0.0 - v5.1.4 are affected by this.

Patches

Fixed in v5.1.5. All users are recommended to upgrade to v5.1.5 or later.

Workarounds

References

For more information

If you have any questions or comments about this advisory:

Credits: Dave McDaniel of Cisco Talos


Release Notes

TryGhost/node-sqlite3 (sqlite3)

### [`v5.1.5`](https://redirect.github.com/TryGhost/node-sqlite3/releases/tag/v5.1.5)

[Compare Source](https://redirect.github.com/TryGhost/node-sqlite3/compare/v5.1.4...v5.1.5)

#### What's Changed

- 🔒 Fixed code execution vulnerability due to Object coercion by [@daniellockyer](https://redirect.github.com/daniellockyer)
- Updated bundled SQLite to v3.41.1 by [@daniellockyer](https://redirect.github.com/daniellockyer)
- Fixed rpath linker option when using a custom sqlite by [@jeromew](https://redirect.github.com/jeromew) in [https://github.com/TryGhost/node-sqlite3/pull/1654](https://redirect.github.com/TryGhost/node-sqlite3/pull/1654)

**Full Changelog**: https://github.com/TryGhost/node-sqlite3/compare/v5.1.4...v5.1.5

### [`v5.1.4`](https://redirect.github.com/TryGhost/node-sqlite3/releases/tag/v5.1.4)

[Compare Source](https://redirect.github.com/TryGhost/node-sqlite3/compare/v5.1.3...v5.1.4)

#### What's Changed

- Fixed glibc compatibility by downgrading CI to Ubuntu 20 by [@daniellockyer](https://redirect.github.com/daniellockyer) in [https://github.com/TryGhost/node-sqlite3/pull/1664](https://redirect.github.com/TryGhost/node-sqlite3/pull/1664)

**Full Changelog**: https://github.com/TryGhost/node-sqlite3/compare/v5.1.3...v5.1.4

### [`v5.1.3`](https://redirect.github.com/TryGhost/node-sqlite3/releases/tag/v5.1.3)

[Compare Source](https://redirect.github.com/TryGhost/node-sqlite3/compare/v5.1.2...v5.1.3)

#### What's Changed

- Updated bundled SQLite to v3.40.0 by [@daniellockyer](https://redirect.github.com/daniellockyer)

**Full Changelog**: https://github.com/TryGhost/node-sqlite3/compare/v5.1.2...v5.1.3

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 1 year ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: yarn.lock
Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
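
Because the `yarn.lock` update failed here, the lockfile may still resolve sqlite3 inside the affected range the advisory gives (v5.0.0 - v5.1.4). The following is an added example, not part of the Renovate comments or of node-sqlite3: it scans lockfile text for `sqlite3` entries and flags resolved versions in that range. The function names and the sample lockfile are constructed for illustration, and it assumes the usual `name@range:` header followed by an indented `version` line (Yarn v1 and Berry layouts).

```javascript
// Added example (not from the PR or node-sqlite3): flag sqlite3 entries in a
// yarn.lock that resolve inside the range the advisory states (v5.0.0 - v5.1.4).
const AFFECTED = { min: [5, 0, 0], max: [5, 1, 4] };

// Parse "5.1.2" into [major, minor, patch]; prerelease/build tags are ignored.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  const i = a.findIndex((n, k) => n !== b[k]);
  return i === -1 ? 0 : Math.sign(a[i] - b[i]);
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED.min) >= 0 && compare(v, AFFECTED.max) <= 0;
}

// An unindented line ending in ":" opens an entry and lists the requested
// specs; the first indented "version" line after it is what was resolved.
function findAffectedSqlite3(lockText) {
  const findings = [];
  let specs = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:\s*$/.test(line) && !line.startsWith('#')) {
      specs = line.replace(/:\s*$/, '').split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      continue;
    }
    const m = /^\s+version:?\s+"?([^"\s]+)"?/.exec(line);
    if (m && specs && specs.some(s => /^sqlite3@/.test(s))) {
      findings.push({ specs, version: m[1], affected: isAffected(m[1]) });
      specs = null;
    }
  }
  return findings;
}

// Constructed sample lockfile, embedded so the example runs offline.
const SAMPLE_LOCK = [
  '# yarn lockfile v1', '',
  'semver@^7.3.5:', '  version "7.3.8"', '',
  '"sqlite3@^5.0.0", sqlite3@^5.1.2:', '  version "5.1.2"',
  '  dependencies:', '    node-addon-api "^4.2.0"', '',
].join('\n');

console.log(findAffectedSqlite3(SAMPLE_LOCK));
```

To check a real project, pass the contents of its `yarn.lock` to `findAffectedSqlite3` and fail the build when any finding has `affected: true`.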