changeset-bot[bot]
commented
1 month ago ⚠️ No Changeset found
Latest commit: 7e3980a535051b550fbb66b1beb9c1d10bec583f
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver typesClick here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
This PR contains the following updates:
3.0.2->3.0.3GitHub Vulnerability Alerts
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the
compileClient,compileFileClient, orcompileClientWithDependenciesTrackedfunction. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.Release Notes
pugjs/pug (pug)
### [`v3.0.3`](https://togithub.com/pugjs/pug/releases/tag/pug%403.0.3) [Compare Source](https://togithub.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3) #### Bug Fixes - Update pug-code-gen with the following fix: ([#3438](https://togithub.com/pugjs/pug/issues/3438)) Validate `templateName` and `globals` are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation optionsConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.