Closed renovate[bot] closed 9 months ago
Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
---|---|---|---|---|---|
❌ ACTION | actionlint | 2 | 1 | 0.1s | |
⚠️ BASH | bash-exec | 354 | 109 | 3.41s | |
❌ BASH | shellcheck | 354 | 4939 | 88.36s | |
⚠️ BASH | shfmt | 354 | 313 | 1 | 1.08s |
❌ COPYPASTE | jscpd | yes | 1 | 2590.7s | |
❌ CSS | stylelint | 6 | 6 | 1 | 2.32s |
❌ DOCKERFILE | hadolint | 12 | 1 | 0.9s | |
❌ HTML | djlint | 38 | 1 | 4.48s | |
❌ HTML | htmlhint | 38 | 2392 | 0.9s | |
❌ JAVASCRIPT | eslint | 6139 | 0 | 1 | 57.74s |
❌ JAVASCRIPT | standard | 6139 | 6115 | 1 | 641.74s |
❌ JSON | eslint-plugin-jsonc | 232 | 0 | 2 | 3.78s |
❌ JSON | jsonlint | 232 | 1 | 0.49s | |
❌ JSON | npm-package-json-lint | yes | 1 | 3.17s | |
✅ JSON | prettier | 232 | 139 | 0 | 8.36s |
❌ JSON | v8r | 232 | 1 | 182.19s | |
⚠️ MARKDOWN | markdownlint | 269 | 227 | 986 | 19.79s |
❌ MARKDOWN | markdown-link-check | 269 | 19 | 18.73s | |
✅ MARKDOWN | markdown-table-formatter | 269 | 229 | 0 | 1.82s |
❌ PROTOBUF | protolint | 162 | 103 | 3 | 135.96s |
❌ REPOSITORY | checkov | yes | 66 | 237.19s | |
❌ REPOSITORY | gitleaks | yes | 327 | 806.59s | |
❌ REPOSITORY | git_diff | yes | 1 | 4.1s | |
❌ REPOSITORY | grype | yes | 1 | 16.24s | |
❌ REPOSITORY | secretlint | yes | 1 | 10207.21s | |
❌ REPOSITORY | trivy | yes | 1 | 10.38s | |
✅ REPOSITORY | trivy-sbom | yes | no | 2.84s | |
✅ REPOSITORY | trufflehog | yes | no | 243.91s | |
❌ SPELL | cspell | 40760 | 1122987 | 18406.35s | |
❌ SPELL | lychee | 5676 | 1 | 7.81s | |
✅ SQL | sql-lint | 1 | 0 | 0.76s | |
✅ XML | xmllint | 41 | 0 | 0 | 0.66s |
⚠️ YAML | prettier | 662 | 512 | 1 | 36.1s |
❌ YAML | v8r | 662 | 1 | 308.26s | |
❌ YAML | yamllint | 662 | 1 | 26.45s |
See detailed report in MegaLinter reports
This PR contains the following updates:
<=2.3.0
-><=2.4.0
GitHub Vulnerability Alerts
CVE-2022-29217
Impact
What kind of vulnerability is it? Who is impacted?
Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation).
Patches
Users should upgrade to v2.4.0.
Workarounds
Always be explicit with the algorithms that are accepted and expected when decoding.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
Release Notes
jpadilla/pyjwt (pyjwt)
### [`v2.4.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v250-httpsgithubcomjpadillapyjwtcompare240250) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.3.0...2.4.0) Changed ``` - Skip keys with incompatible alg when loading JWKSet by @DaGuich in `#762Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.