guardrails[bot]
commented
2 years ago :warning: We detected 3 security issues in this pull request:
Vulnerable Libraries (3)
Severity | Details ----- | -------- Medium | [boxen@1.3.0](https://github.com/koromerzhin/template-vuejs/blob/00a016f8ce9a3af19d0062453a2a8f74406d4fd6/apps/package-lock.json) (t) upgrade to: *>3.2.0* Medium | [gitmoji-changelog@2.3.0](https://github.com/koromerzhin/template-vuejs/blob/00a016f8ce9a3af19d0062453a2a8f74406d4fd6/apps/package-lock.json) (t) upgrade to: *>=2.0.0-alpha.1* Medium | [lock-verify@2.2.1](https://github.com/koromerzhin/template-vuejs/blob/00a016f8ce9a3af19d0062453a2a8f74406d4fd6/apps/package-lock.json) (t) upgrade to: *>1.1.0 || >=2.2.0* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).
π Go to the dashboard for detailed results.
π₯ Happy? Share your feedback with us.
This PR contains the following updates:
3.0.0->4.3.0GitHub Vulnerability Alerts
CVE-2021-28092
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
CVE-2021-29059
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.