dvabuzyarov
commented
1 year ago :tada: This PR is included in version 10.0.3 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Closed renovate[bot] closed 1 year ago
dvabuzyarov
commented
1 year ago :tada: This PR is included in version 10.0.3 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
This PR contains the following updates:
5.74.0->5.76.0GitHub Vulnerability Alerts
CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.