search

adobe / aem-react-core-wcm-components

42 stars 16 forks source link

chore(deps): update dependency react-dev-utils to v11 [security] - autoclosed #40

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
react-dev-utils ^10.2.1 -> ^11.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.

Release Notes

facebook/create-react-app ### [`v11.0.3`](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.2...react-dev-utils@11.0.3) [Compare Source](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.2...react-dev-utils@11.0.3) ### [`v11.0.2`](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.1...react-dev-utils@11.0.2) [Compare Source](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.1...react-dev-utils@11.0.2) ### [`v11.0.1`](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.0...react-dev-utils@11.0.1) [Compare Source](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@11.0.0...react-dev-utils@11.0.1) ### [`v11.0.0`](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@10.2.1...react-dev-utils@11.0.0) [Compare Source](https://togithub.com/facebook/create-react-app/compare/react-dev-utils@10.2.1...react-dev-utils@11.0.0)

Configuration

📅 Schedule: "" in timezone Europe/Zurich.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by WhiteSource Renovate. View repository job log here.

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

codecov[bot] commented 3 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (master@8fb7ba0). Click here to learn what that means. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master      #40   +/-   ##
=========================================
  Coverage          ?   97.76%           
=========================================
  Files             ?       44           
  Lines             ?      672           
  Branches          ?      141           
=========================================
  Hits              ?      657           
  Misses            ?       15           
  Partials          ?        0

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 8fb7ba0...6abb1ec. Read the comment docs.

sonarcloud[bot] commented 3 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information