Closed renovate-bot closed 2 years ago
Merging #218 (7ee1ee0) into main (3898b36) will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## main #218 +/- ##
=======================================
Coverage 42.21% 42.21%
=======================================
Files 14 14
Lines 2061 2061
Branches 42 42
=======================================
Hits 870 870
Misses 1173 1173
Partials 18 18
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 3898b36...7ee1ee0. Read the comment docs.
This PR contains the following updates:
6.11.2
->6.11.3
GitHub Vulnerability Alerts
CVE-2022-25878
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype.
This vulnerability can occur in multiple ways:
Release Notes
protobufjs/protobuf.js
### [`v6.11.3`](https://togithub.com/protobufjs/protobuf.js/releases/tag/v6.11.3) [Compare Source](https://togithub.com/protobufjs/protobuf.js/compare/v6.11.2...v6.11.3) ##### [6.11.3](https://togithub.com/protobufjs/protobuf.js/compare/v6.11.2...v6.11.3) (2022-05-20) ##### Bug Fixes - **deps:** use eslint 8.x ([#1728](https://togithub.com/protobufjs/protobuf.js/issues/1728)) ([a8681ce](https://togithub.com/protobufjs/protobuf.js/commit/a8681ceab4763e706a848121a2dde56791b89eea)) - do not let setProperty change the prototype ([#1731](https://togithub.com/protobufjs/protobuf.js/issues/1731)) ([b5f1391](https://togithub.com/protobufjs/protobuf.js/commit/b5f1391dff5515894830a6570e6d73f5511b2e8f))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.