Open renovate[bot] opened 1 month ago
This PR contains the following updates:
^1.2.2
^1.2.6
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
index.js
setKey()
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
^1.2.2
->^1.2.6
GitHub Vulnerability Alerts
CVE-2021-44906
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file
index.js
, functionsetKey()
(lines 69-95).Release Notes
minimistjs/minimist (minimist)
### [`v1.2.6`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v126---2022-03-21) [Compare Source](https://togithub.com/minimistjs/minimist/compare/v1.2.5...v1.2.6) ##### Commits - test from prototype pollution PR [`bc8ecee`](https://togithub.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb) - isConstructorOrProto adapted from PR [`c2b9819`](https://togithub.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d) - security notice for additional prototype pollution issue [`ef88b93`](https://togithub.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2) ### [`v1.2.5`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v125---2020-03-12) [Compare Source](https://togithub.com/minimistjs/minimist/compare/v1.2.4...v1.2.5) ### [`v1.2.4`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v124---2020-03-11) [Compare Source](https://togithub.com/minimistjs/minimist/compare/v1.2.3...v1.2.4) ##### Commits - security notice [`4cf1354`](https://togithub.com/minimistjs/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f) - additional test for constructor prototype pollution [`1043d21`](https://togithub.com/minimistjs/minimist/commit/1043d212c3caaf871966e710f52cfdf02f9eea4b) ### [`v1.2.3`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v123---2020-03-10) [Compare Source](https://togithub.com/minimistjs/minimist/compare/v1.2.2...v1.2.3) ##### Commits - more failing proto pollution tests [`13c01a5`](https://togithub.com/minimistjs/minimist/commit/13c01a5327736903704984b7f65616b8476850cc) - even more aggressive checks for protocol pollution [`38a4d1c`](https://togithub.com/minimistjs/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.