hackariens / vuejs

Templates for creating a new vuejs project

chore(deps): update dependency loader-utils [security] - autoclosed #121

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package | Change
----- | --------
loader-utils | 2.0.0 -> 2.0.4
loader-utils | 1.4.0 -> 1.4.2

GitHub Vulnerability Alerts

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

CVE-2022-37599

A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37603

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.

guardrails[bot] commented 1 year ago

:warning: We detected 3 security issues in this pull request:

Vulnerable Libraries (3)
Severity | Details
----- | --------
Critical | [pkg:npm/loader-utils@1.4.1@1.4.1](https://github.com/koromerzhin/template-vuejs/blob/187446d5c120f00927e0401a0c538d29d21713e6/apps/package-lock.json#L8471) (t) - **no patch available**
Medium | [lock-verify@2.2.1](https://github.com/koromerzhin/template-vuejs/blob/187446d5c120f00927e0401a0c538d29d21713e6/apps/package-lock.json) (t) upgrade to: *>1.1.0 \|\| >2.2.1*
Medium | [semantic-git-commit-cli@3.7.0](https://github.com/koromerzhin/template-vuejs/blob/187446d5c120f00927e0401a0c538d29d21713e6/apps/package-lock.json) (t) upgrade to: *>=1.1.0*

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
