Update dependency minimist to v1.2.6 [SECURITY]#47
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
3874826 to
cb28bba
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
cb28bba to
f4d048d
Compare
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
f4d048d to
d42f6bc
Compare
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
d42f6bc to
a01e6d4
Compare
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
a01e6d4 to
ad39390
Compare
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
ad39390 to
e1f8c43
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
2 times, most recently
from
e1f8c43 to
3d015b8
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
2 times, most recently
from
3d015b8 to
2380ee3
Compare
ManiruzzamanAkash
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
2380ee3 to
4dc5e3b
Compare
kiransbsf
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
4dc5e3b to
2380ee3
Compare
sarangshahane
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
2380ee3 to
0352b2f
Compare
renovate
Bot
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
0352b2f to
a6e7c86
Compare
kiransbsf
force-pushed
the
renovate/npm-minimist-vulnerability
branch
from
a6e7c86 to
2380ee3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.2.5→1.2.6Prototype Pollution in minimist
CVE-2021-44906 / GHSA-xvch-5gv4-984h
More information
Details
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file
index.js, functionsetKey()(lines 69-95).Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
minimistjs/minimist (minimist)
v1.2.6Compare Source
Commits
bc8eceec2b9819ef88b93Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.