Closed renovate[bot] closed 1 month ago
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
nusmods-export | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 22, 2024 11:57am |
nusmods-website | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 22, 2024 11:57am |
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 53.54%. Comparing base (
e5b9774
) to head (96bddf7
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
This PR contains the following updates:
8.0.4
->9.0.6
GitHub Vulnerability Alerts
CVE-2021-3757
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition
(p === "__proto__" || p === "constructor")
inapplyPatches_
returns false ifp
is['__proto__']
(or['constructor']
). The===
operator (strict equality operator) returns false if the operands have different type.Release Notes
immerjs/immer (immer)
### [`v9.0.6`](https://togithub.com/immerjs/immer/releases/tag/v9.0.6) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.5...v9.0.6) ##### Bug Fixes - **security:** Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype ([fa671e5](https://togithub.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237)) ### [`v9.0.5`](https://togithub.com/immerjs/immer/releases/tag/v9.0.5) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.4...v9.0.5) ##### Bug Fixes - release missing dist/ folder ([bfb8dec](https://togithub.com/immerjs/immer/commit/bfb8decc92ded85d035da4b0c70dd642bb25e451)) ### [`v9.0.4`](https://togithub.com/immerjs/immer/releases/tag/v9.0.4) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.3...v9.0.4) ##### Bug Fixes - [#791](https://togithub.com/immerjs/immer/issues/791) return 'nothing' should produce undefined patch ([5412c9f](https://togithub.com/immerjs/immer/commit/5412c9f770663d0f19fe9bdaeabfa05ff3127cc9)) - [#807](https://togithub.com/immerjs/immer/issues/807) new undefined properties should end up in result object ([dc3f66c](https://togithub.com/immerjs/immer/commit/dc3f66cdea53fd5a8c814924bfafa9f6b53c9c62)) - Better applyPatches type ([#810](https://togithub.com/immerjs/immer/issues/810)) ([09ac097](https://togithub.com/immerjs/immer/commit/09ac097513714130e08ff18bc7496c4fd04f6531)), closes [#809](https://togithub.com/immerjs/immer/issues/809) ### [`v9.0.3`](https://togithub.com/immerjs/immer/releases/tag/v9.0.3) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.2...v9.0.3) ##### Bug Fixes - isPlainObject: add quick comparison between input and `Object` to short-circuit taxing `Function.toString` invocations ([#805](https://togithub.com/immerjs/immer/issues/805)) ([07575f3](https://togithub.com/immerjs/immer/commit/07575f38f49babcc6014dc898e77d39e4a9347b1)) ### [`v9.0.2`](https://togithub.com/immerjs/immer/releases/tag/v9.0.2) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.1...v9.0.2) ##### Bug Fixes - [#785](https://togithub.com/immerjs/immer/issues/785) fix type inference for produce incorrectly inferring promise ([#786](https://togithub.com/immerjs/immer/issues/786)) ([6555173](https://togithub.com/immerjs/immer/commit/6555173838f575d48a3fcb825c5a7d1953573a11)) ### [`v9.0.1`](https://togithub.com/immerjs/immer/releases/tag/v9.0.1) [Compare Source](https://togithub.com/immerjs/immer/compare/v9.0.0...v9.0.1) ##### Bug Fixes - [#768](https://togithub.com/immerjs/immer/issues/768) `immerable` field being lost during patch value cloning ([#771](https://togithub.com/immerjs/immer/issues/771)) ([e0b7c01](https://togithub.com/immerjs/immer/commit/e0b7c01c4ce039b7a68b5cb3cd97a7242962b7ab)) ### [`v9.0.0`](https://togithub.com/immerjs/immer/releases/tag/v9.0.0) [Compare Source](https://togithub.com/immerjs/immer/compare/v8.0.4...v9.0.0) ##### feature - Improved typescript types ([2c2f30e](https://togithub.com/immerjs/immer/commit/2c2f30e1c7bda5a1902acb4548678434e18cae5d)), closes [#720](https://togithub.com/immerjs/immer/issues/720) ##### BREAKING CHANGES - It is no longer allowed to return `nothing` from a recipe if the target state doesn't accept `undefined`. - It is no longer allowed to return arbitrary things from a recipe. Recipes should either return nothing, or something that is assignable to the original state type. This will catch mistakes with accidental returns earlier.Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Singapore, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.