Closed renovate[bot] closed 1 month ago
This PR contains the following updates:
3.0.2 -> 3.0.3
GitHub Vulnerability Alerts
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the `name` option of the `compileClient`, `compileFileClient`, or `compileClientWithDependenciesTracked` function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
Release Notes
pugjs/pug (pug)
### [`v3.0.3`](https://togithub.com/pugjs/pug/releases/tag/pug%403.0.3)

[Compare Source](https://togithub.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3)

#### Bug Fixes

- Update pug-code-gen with the following fix: ([#3438](https://togithub.com/pugjs/pug/issues/3438))

  Validate `templateName` and `globals` are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
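
The release notes above say the fix validates that `templateName` and `globals` are valid JavaScript identifiers. The same check can be applied at the call site as defense in depth, before options reach `compileClient`; this is an added example, not code from this PR or from Pug, and the function names and the ASCII-only identifier rule are assumptions.

```javascript
// Added example: pre-validation for options passed to Pug's client compilers.
// The pattern is a deliberately conservative ASCII-only rule chosen for this
// example; it is an assumption, not the check implemented in pug-code-gen.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Reserved words are identifier-shaped but cannot be used as a function name.
const RESERVED = new Set([
  'await', 'break', 'case', 'catch', 'class', 'const', 'continue', 'debugger',
  'default', 'delete', 'do', 'else', 'enum', 'export', 'extends', 'false',
  'finally', 'for', 'function', 'if', 'import', 'in', 'instanceof', 'let',
  'new', 'null', 'return', 'static', 'super', 'switch', 'this', 'throw',
  'true', 'try', 'typeof', 'var', 'void', 'while', 'with', 'yield',
]);

function isSafeIdentifier(value) {
  return typeof value === 'string' && IDENTIFIER.test(value) && !RESERVED.has(value);
}

// Returns a list of problems; an empty list means the options may be passed on.
function checkCompileClientOptions(options) {
  const problems = [];
  const opts = options || {};
  if (opts.name !== undefined && !isSafeIdentifier(opts.name)) {
    problems.push('name is not a plain JavaScript identifier');
  }
  if (opts.globals !== undefined) {
    if (!Array.isArray(opts.globals)) {
      problems.push('globals must be an array of identifiers');
    } else {
      opts.globals.forEach((g, i) => {
        if (!isSafeIdentifier(g)) {
          problems.push(`globals[${i}] is not a plain JavaScript identifier`);
        }
      });
    }
  }
  return problems;
}

// Throwing wrapper for the call site, used before pug.compileClient(src, opts).
function assertCompileClientOptions(options) {
  const problems = checkCompileClientOptions(options);
  if (problems.length > 0) {
    throw new TypeError('refusing to compile: ' + problems.join('; '));
  }
  return options;
}
```

Rejected values are better logged and dropped than sanitized, since a template name that fails this check has no legitimate corrected form.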