owncloud / customgroups

Let users create their own custom groups
GNU Affero General Public License v3.0

chore: bump security related js vendor dependencies #595

Closed fschade closed 1 year ago

fschade commented 1 year ago

Description

Bump security-related vendor JS dependencies; some dependencies still have not fixed the peer dependency.

Overview

https://github.com/owncloud/customgroups/security/dependabot

Details

Prototype Pollution in lodash

https://github.com/owncloud/customgroups/security/dependabot/19, https://github.com/owncloud/customgroups/security/dependabot/47, https://github.com/owncloud/customgroups/security/dependabot/17, fixed via version bump

Uncontrolled Resource Consumption in trim-newlines

https://github.com/owncloud/customgroups/security/dependabot/14, fixed via version bump

Command Injection in lodash

https://github.com/owncloud/customgroups/security/dependabot/13, fixed via version bump

CLAassistant commented 1 year ago

CLA assistant check
All committers have signed the CLA.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
No Duplication information