adobe / aem-core-cif-components

A set of configurations and components to get you started with AEM Commerce development
Apache License 2.0

Update dependency log4js to 6.4.0 [SECURITY] #808

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
log4js 6.3.0 -> 6.4.0

GitHub Vulnerability Alerts

CVE-2022-21704

Impact

Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.

Patches

Fixed by:

Released to NPM in log4js@6.4.0

Workarounds

Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details.

References

Thanks to ranjit-git for raising the issue, and to @peteriman for fixing the problem.

For more information

If you have any questions or comments about this advisory:

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by WhiteSource Renovate. View repository job log here.

codecov[bot] commented 2 years ago

Codecov Report

Merging #808 (a2bb3e9) into master (8511d8c) will not change coverage. The diff coverage is n/a.


@@            Coverage Diff            @@
##             master     #808   +/-   ##
=========================================
  Coverage     89.45%   89.45%           
  Complexity     1885     1885           
=========================================
  Files           316      316           
  Lines          8381     8381           
  Branches       1265     1265           
=========================================
  Hits           7497     7497           
  Misses          630      630           
  Partials        254      254           
Flag          Coverage Δ
integration   55.22% <ø> (ø)
jest          86.40% <ø> (ø)
karma         94.83% <ø> (ø)
unittests     88.88% <ø> (ø)

Flags with carried forward coverage won't be shown.


Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update 8511d8c...a2bb3e9.