Closed fschade closed 1 year ago
All committers have signed the CLA.
Kudos, SonarCloud Quality Gate passed!
0 Bugs 0 Vulnerabilities 0 Security Hotspots 0 Code Smells
No Coverage information No Duplication information
Description
Bump security-related vendor JS dependencies; some dependencies still have not fixed the peer dependency.
Overview
https://github.com/owncloud/customgroups/security/dependabot
Details
Prototype Pollution in lodash
https://github.com/owncloud/customgroups/security/dependabot/19, https://github.com/owncloud/customgroups/security/dependabot/47, https://github.com/owncloud/customgroups/security/dependabot/17, fixed via version bump
Uncontrolled Resource Consumption in trim-newlines
https://github.com/owncloud/customgroups/security/dependabot/14, fixed via version bump
Command Injection in lodash
https://github.com/owncloud/customgroups/security/dependabot/13, fixed via version bump