Closed renovate[bot] closed 1 year ago
APK Size: 2.03 MB
Merging #329 (aba2fb1) into main (c55e2ce) will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## main #329 +/- ##
=========================================
Coverage 54.84% 54.84%
Complexity 117 117
=========================================
Files 104 104
Lines 1732 1732
Branches 239 239
=========================================
Hits 950 950
Misses 672 672
Partials 110 110
:mega: Weβre building smart automated test selection to slash your CI/CD build times. Learn more
This PR contains the following updates:
23.0.0
->24.0.0
GitHub Vulnerability Alerts
CVE-2023-28427
Impact
In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the
Object.prototype
, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic.(This is part 2, where CVE-2022-36059 / GHSA-rfv9-x7hh-xc32 is part 1. Part 2 covers remaining vectors not covered by part 1, found in a codebase audit scheduled after part 1.)
Patches
The issue has been patched in matrix-js-sdk 24.0.0.
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory please email us at security at matrix.org.
Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.