codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.
This PR contains the following updates:
3.6.1
->3.6.5
GitHub Vulnerability Alerts
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.
Release Notes
codecov/codecov-node
### [`v3.6.5`](https://togithub.com/codecov/codecov-node/compare/v3.6.4...v3.6.5) [Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.4...v3.6.5) ### [`v3.6.4`](https://togithub.com/codecov/codecov-node/releases/v3.6.4) [Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.3...v3.6.4) Fix for Cirrus CI ### [`v3.6.3`](https://togithub.com/codecov/codecov-node/releases/v3.6.3) [Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.2...v3.6.3) AWS Codebuild fixes + package updates ### [`v3.6.2`](https://togithub.com/codecov/codecov-node/releases/v3.6.2) [Compare Source](https://togithub.com/codecov/codecov-node/compare/v3.6.1...v3.6.2) command line args sanitisedRenovate configuration
:date: Schedule: "" in timezone America/Los_Angeles.
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.