elcoosp / rxdxx

MIT License

0 stars 0 forks source link

chore(deps): update dependency y18n to 4.0.1 [security] - autoclosed #69

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 3 years ago

This PR contains the following updates:

Package	Change
y18n	`4.0.0` -> `4.0.1`

GitHub Vulnerability Alerts

CVE-2020-7774

Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

POC

const y18n = require('y18n')();

y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});

console.log(polluted); // true

Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 3 years ago

Codecov Report

:exclamation: No coverage uploaded for pull request base (master@7cd4a6a). Click here to learn what that means. The diff coverage is n/a.

@@            Coverage Diff             @@
##             master       #69   +/-   ##
==========================================
  Coverage          ?   100.00%           
==========================================
  Files             ?         5           
  Lines             ?        20           
  Branches          ?         6           
==========================================
  Hits              ?        20           
  Misses            ?         0           
  Partials          ?         0

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.