Open renovate[bot] opened 2 years ago
This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.
π Inspect: https://vercel.com/yurikrupnik/alfred/BH97kmkWmPv9R7riYba8gxR2PjtK
β
Preview: https://alfred-git-renovate-npm-swagger-ui-dist-vuln-dc9053-yurikrupnik.vercel.app
π Inspect: https://vercel.com/yurikrupnik/batman/7cxogPD7M93KDkhnDX8cMVUtxEbx
β
Preview: https://batman-git-renovate-npm-swagger-ui-dist-vuln-5b3ebc-yurikrupnik.vercel.app
Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.
Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
This PR contains the following updates:
3.50.0
->4.1.3
3.49.0
->4.1.3
3.52.0
->4.1.3
3.51.1
->4.1.3
GitHub Vulnerability Alerts
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.