Strapi was made aware of two vulnerabilities that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.
For now the delay timeline looks like we will release the detailed information in the next four (4) weeks, we expect to do public disclosure (via a blog post) on Monday July 10th, 2023.
The vulnerabilities are 1 high and 1 medium and both have a very low/basically zero probability of being used in the wild as it requires very specific knowledge of how these work.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 year ago
Bumps @strapi/plugin-i18n from 4.10.5 to 4.11.0.
Release notes
Sourced from
@​strapi/plugin-i18n's releases.... (truncated)
Commits
951765eMerge branch 'releases/4.10.8'634d9e3v4.10.8d4ff351Chore: Update snapshot tests61ec28fChore: Update@​strapi/design-systemand@​strapi/iconsto 1.7.1041885fdMerge branch 'main' into chore/react18da080dfv4.10.726e9bf0Merge pull request #16852 from strapi/dependabot/npm_and_yarn/react-query-3.39.3e192306Merge pull request #16853 from strapi/dependabot/npm_and_yarn/formik-2.4.08cdd583Merge pull request #16486 from Boegie19/i18n-entity-service-decorator-findMany1c5f857chore(deps): bump formik from 2.2.9 to 2.4.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)