google / gts

β˜‚οΈ TypeScript style guide, formatter, and linter.
https://github.com/google/gts
Apache License 2.0
5.09k stars 206 forks source link

chore(deps): update dependency cross-spawn to v7.0.5 [security] #918

Open renovate-bot opened 2 days ago

renovate-bot commented 2 days ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
cross-spawn 7.0.3 -> 7.0.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-21538

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.


Release Notes

moxystudio/node-cross-spawn (cross-spawn) ### [`v7.0.5`](https://redirect.github.com/moxystudio/node-cross-spawn/blob/HEAD/CHANGELOG.md#705-2024-11-07) [Compare Source](https://redirect.github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5) ### [`v7.0.4`](https://redirect.github.com/moxystudio/node-cross-spawn/blob/HEAD/CHANGELOG.md#704-2024-11-07) [Compare Source](https://redirect.github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4)

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.