aevea / knit

Tool to gamify merge requests

fix(deps): update dependency sirv-cli to v0.4.6 #68

Open renovate[bot] opened 4 years ago

renovate[bot] commented 4 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| sirv-cli | 0.4.5 -> 0.4.6 | age | adoption | passing | confidence |

Release Notes

lukeed/sirv

### [`v0.4.6`](https://togithub.com/lukeed/sirv/releases/v0.4.6)

[Compare Source](https://togithub.com/lukeed/sirv/compare/v0.4.5...v0.4.6)

> **NOTICE**
> This version patches a directory-traversal **security vulnerability** that exists in `dev` mode only. All users should update _immediately_, even if they don't think they're using `--dev` or `opts.dev` on live servers. There are no other changes in this release.

#### Patches

- Fixes `dev` mode security vulnerability ([#63](https://togithub.com/lukeed/sirv/issues/63)): [`1e0bac5`](https://togithub.com/lukeed/sirv/commit/1e0bac5)
  _Thank you [@marvinhagemeister](https://togithub.com/marvinhagemeister)~!_

As Marvin describes:

This allows an attacker to traverse the file system outside of the specified directory. Let's say `sirv` was initialized to serve files from /foo/bar:

```js
sirv("/foo/bar");
```

...and an attacker makes a request to:

```
GET /../../etc/passwd
```

...then they are able to download the contents of that file.

##### Chores

- Attach GitHub Actions: [`ea15d6a`](https://togithub.com/lukeed/sirv/commit/ea15d6a)
- Update test runner: [`2b965cd`](https://togithub.com/lukeed/sirv/commit/2b965cd)
- Update `lerna` version: [`0b6de8d`](https://togithub.com/lukeed/sirv/commit/0b6de8d)

Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
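
The traversal described in the release notes above, as an added illustration in Node.js (not sirv's code and not its actual patch): a naive join of the served root and the request path, next to a resolve-then-contain check. The function names and the sample requests are constructed for this example; `/foo/bar` and `/../../etc/passwd` are the values from the notes.

```javascript
const path = require('path');

// Vulnerable pattern: the request path is joined to the root and trusted as-is.
function resolveNaive(root, urlPath) {
  return path.posix.join(root, decodeURIComponent(urlPath));
}

// Hardened pattern: resolve first, then require the result to stay inside root.
// Returns the absolute file path, or null when the request must be rejected.
function resolveContained(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // "%2e%2e" becomes ".." here
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path

  const base = path.posix.resolve(root);
  const target = path.posix.resolve(base, './' + decoded);
  // Compare against base + "/" so "/foo/bar-secret" is not mistaken for "/foo/bar".
  const prefix = base.endsWith('/') ? base : base + '/';
  if (target !== base && !target.startsWith(prefix)) return null;
  return target;
}

// Constructed sample requests against the root used in the release notes.
const ROOT = '/foo/bar';
const SAMPLES = [
  '/css/site.css',             // ordinary asset
  '/../../etc/passwd',         // request quoted in the release notes
  '/%2e%2e/%2e%2e/etc/passwd', // same request, percent-encoded
  '/../bar-secret/key.pem',    // sibling directory sharing the root's prefix
  '/%E0%A4%A',                 // malformed escape sequence
];

function runSamples() {
  return SAMPLES.map((p) => ({ request: p, file: resolveContained(ROOT, p) }));
}

console.table(runSamples());
```

Only the first sample resolves to a file; the containment check does not follow symlinks, so a server that must defend against symlinked content would additionally compare `fs.realpathSync` results.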