Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@​]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR:
- `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change)
- `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
- `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
- `@Commit-Lint merge disable` will desactivate merge dependabot PR
- `@Commit-Lint review` will approve dependabot PR
- `@Commit-Lint stop review` will stop approve dependabot PR
This PR contains the following updates:
6.13.4
->6.14.6
GitHub Vulnerability Alerts
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like
<protocol>://[<user>[:<password>]@​]<hostname>[:<port>][:][/]<path>
. The password value is not redacted and is printed to stdout and also to any generated log files.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.