commercetools / nodejs

Everything related to the Node.js ecosystem for the commercetools platform.
https://commercetools.github.io/nodejs/
MIT License
75 stars, 70 forks

fix(deps): update dependency fast-csv to v4.3.6 [security] - autoclosed #1745

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| fast-csv | 4.3.2 -> 4.3.6 |

GitHub Vulnerability Alerts

CVE-2020-26256

Impact

Possible ReDoS (Regular Expression Denial of Service) when using the ignoreEmpty option while parsing.

Patches

This has been patched in v4.3.6

Workarounds

You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option, it is recommended that you upgrade to the latest version, v4.3.6.

References

This vulnerability was found using a CodeQL query which identified the EMPTY_ROW_REGEXP regular expression as vulnerable.

For more information

If you have any questions or comments about this advisory:


Release Notes

C2FO/fast-csv

### [`v4.3.6`](https://togithub.com/C2FO/fast-csv/blob/HEAD/packages/fast-csv/CHANGELOG.md#​436-httpsgithubcomC2FOfast-csvcomparev435v436-2020-12-04) [Compare Source](https://togithub.com/C2FO/fast-csv/compare/v4.3.5...v4.3.6)

**Note:** Version bump only for package fast-csv

### [`v4.3.5`](https://togithub.com/C2FO/fast-csv/blob/HEAD/packages/fast-csv/CHANGELOG.md#​435-httpsgithubcomC2FOfast-csvcomparev434v435-2020-11-03) [Compare Source](https://togithub.com/C2FO/fast-csv/compare/v4.3.4...v4.3.5)

**Note:** Version bump only for package fast-csv

### [`v4.3.4`](https://togithub.com/C2FO/fast-csv/blob/HEAD/packages/fast-csv/CHANGELOG.md#​434-httpsgithubcomC2FOfast-csvcomparev433v434-2020-11-03) [Compare Source](https://togithub.com/C2FO/fast-csv/compare/v4.3.3...v4.3.4)

**Note:** Version bump only for package fast-csv

### [`v4.3.3`](https://togithub.com/C2FO/fast-csv/blob/HEAD/packages/fast-csv/CHANGELOG.md#​433-httpsgithubcomC2FOfast-csvcomparev432v433-2020-10-30) [Compare Source](https://togithub.com/C2FO/fast-csv/compare/v4.3.2...v4.3.3)

**Note:** Version bump only for package fast-csv

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
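The advisory above names the flaw class (ReDoS in the empty-row check behind ignoreEmpty) but does not show the regex. The block below is an added illustration, not code from fast-csv or from this repository: ILLUSTRATIVE_EMPTY_ROW is a constructed pattern with the shape CodeQL's ReDoS query flags (a repeated group in which two adjacent `\s*` can split the same run of whitespace many ways), not the project's actual EMPTY_ROW_REGEXP. It shows how such a pattern blows up on an attacker-supplied CSV line, and the linear-time check over already-split fields that a parser can use instead. The function names, the pattern and the hostile input are all assumptions of this example.

```javascript
// Added example, not code from fast-csv or commercetools/nodejs.
// ILLUSTRATIVE_EMPTY_ROW is a constructed look-alike of an "is this row
// empty?" regex: it is NOT the project's real EMPTY_ROW_REGEXP, whose text
// this page does not show. The repeated group contains two \s* separated only
// by an optional alternative, so a run of spaces after each comma can be split
// between them in several ways, and a failing match retries all of them.
const ILLUSTRATIVE_EMPTY_ROW = /^\s*(?:''|"")?\s*(?:,\s*(?:''|"")?\s*)*$/;

// Vulnerable-style check: re-scans the raw line with a backtracking regex.
function isEmptyRowRegex(line) {
  return ILLUSTRATIVE_EMPTY_ROW.test(line);
}

// Safe replacement: decide emptiness per already-split field, O(n), no regex.
// A row is empty when every field is blank or an empty quoted string.
function isEmptyRowLinear(fields) {
  return fields.every((field) => {
    const t = field.trim();
    return t === '' || t === '""' || t === "''";
  });
}

// Constructed hostile input: k copies of ", " followed by a character that
// makes the whole match fail. Each single space can be consumed by either \s*
// in the group, so the engine explores about 2^k paths before giving up,
// for a line of only 2k+1 bytes.
function hostileLine(k) {
  return ', '.repeat(k) + 'x';
}

// Time one regex evaluation of the hostile line. Both checks agree the line
// is not empty; the difference is how long they take to say so.
function timeRegex(k) {
  const line = hostileLine(k);
  const start = process.hrtime.bigint();
  const matched = isEmptyRowRegex(line);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { k, bytes: line.length, matched, ms };
}

// Same input, split into fields first (a naive split is enough here because
// the constructed line contains no quoted commas), then the linear check.
function timeLinear(k) {
  const fields = hostileLine(k).split(',');
  const start = process.hrtime.bigint();
  const empty = isEmptyRowLinear(fields);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { k, empty, ms };
}

// Stand-alone run: regex time roughly doubles with each step of k while the
// linear check stays flat.
if (typeof require !== 'undefined' && require.main === module) {
  for (const k of [12, 14, 16, 18, 20]) {
    const r = timeRegex(k);
    const l = timeLinear(k);
    console.log(
      `k=${k} bytes=${r.bytes} regex=${r.ms.toFixed(2)}ms linear=${l.ms.toFixed(3)}ms`,
    );
  }
}
```

The practical takeaway for a consumer of the library is the one the advisory gives: the regex only runs when ignoreEmpty is set, so either drop that option or move to 4.3.6 or later. When writing your own row filters, test emptiness on the parsed fields rather than on the raw line, and run CodeQL's `js/redos` query over any regex that a parser applies to untrusted input.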

changeset-bot[bot] commented 2 years ago

⚠️ No Changeset found

Latest commit: cd548970b7d37d6393f5065397e024ed994a86e0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets. When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types.


codecov[bot] commented 2 years ago

Codecov Report

Merging #1745 (cdd0030) into master (9c15b08) will increase coverage by 0.00%. The diff coverage is n/a.

⚠️ Current head cdd0030 differs from pull request most recent head cd54897. Consider uploading reports for the commit cd54897 to get more accurate results.


@@           Coverage Diff           @@
##           master    #1745   +/-   ##
=======================================
  Coverage   94.25%   94.26%           
=======================================
  Files         135      135           
  Lines        4789     4793    +4     
  Branches     1273     1273           
=======================================
+ Hits         4514     4518    +4     
  Misses        271      271           
  Partials        4        4           
| Impacted Files | Coverage Δ | |
|---|---|---|
| packages/custom-objects-importer/src/main.js | 98.16% <0.00%> (ø) | |
| packages/product-json-to-csv/src/main.js | 92.70% <0.00%> (+0.10%) | ↑ |


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 9c15b08...cd54897.