codecov[bot]
commented
2 years ago Codecov Report
Merging #517 (cef5477) into master (06d3f3e) will not change coverage. The diff coverage is
n/a.
@@ Coverage Diff @@
## master #517 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 1 1
Lines 4 4
=========================================
Hits 4 4 Continue to review full report at Codecov.
Legend - Click here to learn more
Ξ = absolute <relative> (impact),ΓΈ = not affected,? = missing dataPowered by Codecov. Last update 06d3f3e...cef5477. Read the comment docs.
This PR contains the following updates:
1.7.2->1.7.3GitHub Vulnerability Alerts
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.
Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.