Closed zthxxx closed 1 year ago
vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated |
|---|---|---|---|---|
| react-dev-inspector | ❌ Failed (Inspect) | Feb 14, 2023 at 3:25AM (UTC) |
zthxxx
commented
1 year ago As this PR has been closed unmerged, Renovate will now ignore this update (^2.0.0). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.
This PR contains the following updates:
2.0.0->2.0.4GitHub Vulnerability Alerts
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
CVE-2022-37599
A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
CVE-2022-37603
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
Release Notes
webpack/loader-utils
### [`v2.0.4`](https://togithub.com/webpack/loader-utils/releases/v2.0.4) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) ##### [2.0.4](https://togithub.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) (2022-11-11) ##### Bug Fixes - ReDoS problem ([#225](https://togithub.com/webpack/loader-utils/issues/225)) ([ac09944](https://togithub.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb)) ### [`v2.0.3`](https://togithub.com/webpack/loader-utils/releases/v2.0.3) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.2...v2.0.3) ##### [2.0.3](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.3) (2022-10-20) ##### Bug Fixes - **security:** prototype pollution exploit ([#217](https://togithub.com/webpack/loader-utils/issues/217)) ([a93cf6f](https://togithub.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c)) ### [`v2.0.2`](https://togithub.com/webpack/loader-utils/releases/v2.0.2) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.2) ##### [2.0.2](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.2) (2021-11-04) ##### Bug Fixes - base64 generation and unicode characters ([#197](https://togithub.com/webpack/loader-utils/issues/197)) ([8c2d24e](https://togithub.com/webpack/loader-utils/commit/8c2d24ee400bc4567335e97ee6004c3baa6ef66f)) ### [`v2.0.1`](https://togithub.com/webpack/loader-utils/releases/v2.0.1) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.0...v2.0.1) ##### [2.0.1](https://togithub.com/webpack/loader-utils/compare/v2.0.0...v2.0.1) (2021-10-29) ##### Bug Fixes - md4 support on Node.js v17 ([#193](https://togithub.com/webpack/loader-utils/issues/193)) ([1069f61](https://togithub.com/webpack/loader-utils/commit/1069f61284a571614ee4acdde6e6087174be118a))Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.