Closed renovate[bot] closed 1 year ago
:exclamation: No coverage uploaded for pull request base (
master@7cd4a6a
). Click here to learn what that means. The diff coverage isn/a
.
@@ Coverage Diff @@
## master #91 +/- ##
==========================================
Coverage ? 100.00%
==========================================
Files ? 5
Lines ? 20
Branches ? 6
==========================================
Hits ? 20
Misses ? 0
Partials ? 0
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
This PR contains the following updates:
6.5.2
->6.5.3
GitHub Vulnerability Alerts
CVE-2022-24999
qs before 6.10.3 allows attackers to cause a Node process hang because an
__ proto__
key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such asa[__proto__]=b&a[__proto__]&a[length]=100000000
. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.