balena-io-modules / scrutinizer

Extract a git repository's metadata relying on open source conventions
Apache License 2.0

Update dependency got to 11.8.5 [SECURITY] #205

Open balena-ci opened 1 year ago

balena-ci commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| got | dependencies | patch | 11.8.3 -> 11.8.5 |

GitHub Vulnerability Alerts

CVE-2022-33987

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.


Release Notes

sindresorhus/got

### [`v11.8.5`](https://togithub.com/sindresorhus/got/releases/tag/v11.8.5)

[Compare Source](https://togithub.com/sindresorhus/got/compare/v11.8.3...v11.8.5)

- Backport security fix https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc
- [CVE-2022-33987](https://nvd.nist.gov/vuln/detail/CVE-2022-33987)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

balena-ci commented 1 year ago

@balena-ci I self-certify!