search

ecomplus / application-starter

Serverless boilerplate for E-Com Plus apps (integrations) with Firebase Cloud Functions and GitHub Actions
MIT License
2 stars 3 forks source link

chore(deps): update dependency json-ptr to 2.1.0 [security] - autoclosed #86

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
json-ptr 1.3.2 -> 2.1.0

GitHub Vulnerability Alerts

GHSA-rrqv-vjrw-hrcr

There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get() method, your project is vulnerable to this injection-style vulnerability.

CVE-2020-7766

npm json-ptr before 2.0.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by WhiteSource Renovate. View repository job log here.