search

iam-medvedev / esbuild-plugin-less

esbuild plugin for less files
https://npmjs.com/package/esbuild-plugin-less
Do What The F*ck You Want To Public License
42 stars 12 forks source link

chore(deps): update node.js to v14.18.1 #50

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Type Update Change
node volta patch 14.18.0 -> 14.18.1

Release Notes

nodejs/node ### [`v14.18.1`](https://togithub.com/nodejs/node/releases/v14.18.1) [Compare Source](https://togithub.com/nodejs/node/compare/v14.18.0...v14.18.1) This is a security release. ##### Notable changes - **CVE-2021-22959**: HTTP Request Smuggling due to spaced in headers (Medium) - The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at [CVE-2021-22959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959) after publication. - **CVE-2021-22960**: HTTP Request Smuggling when parsing the body (Medium) - The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at [CVE-2021-22960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960) after publication. ##### Commits - \[[`8c254ca7e4`](https://togithub.com/nodejs/node/commit/8c254ca7e4)] - **deps**: update llhttp to 2.1.4 (Fedor Indutny) [nodejs-private/node-private#​285](https://togithub.com/nodejs-private/node-private/pull/285) - \[[`9b92ae2499`](https://togithub.com/nodejs/node/commit/9b92ae2499)] - **http**: add regression test for smuggling content length (Matteo Collina) [nodejs-private/node-private#​285](https://togithub.com/nodejs-private/node-private/pull/285) - \[[`f467539719`](https://togithub.com/nodejs/node/commit/f467539719)] - **http**: add regression test for chunked smuggling (Matteo Collina) [nodejs-private/node-private#​285](https://togithub.com/nodejs-private/node-private/pull/285)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by WhiteSource Renovate. View repository job log here.

codecov[bot] commented 2 years ago

Codecov Report

Merging #50 (bfbb148) into master (babada7) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #50   +/-   ##
=======================================
  Coverage   86.36%   86.36%           
=======================================
  Files           2        2           
  Lines          44       44           
  Branches        6        6           
=======================================
  Hits           38       38           
  Partials        6        6

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update babada7...bfbb148. Read the comment docs.

github-actions[bot] commented 2 years ago

:tada: This PR is included in version 1.1.5 :tada:

The release is available on:

Your semantic-release bot :package::rocket: