-
Notifications
You must be signed in to change notification settings - Fork 520
Update dependencies to fix some vulnerabilities #1212
base: master
Are you sure you want to change the base?
Conversation
This fixes several vulnerabilities in lodash. - several prototype pollution issues in lodash - see <https://www.npmjs.com/advisories/1065> - see <https://www.npmjs.com/advisories/1523> - command injection vulnerability (CVE-2021-23337), see <https://www.npmjs.com/advisories/1673>
This fixes a prototype pollution vulnerability in mixin-deep. See <https://www.npmjs.com/advisories/1013> for more information.
1a8c945
to
580b053
Compare
Fixes a prototype pollution vulnerability in set-value, see <https://www.npmjs.com/advisories/1012> for more information.
Fixes a regular expression denial of service vulnerability, see <https://www.npmjs.com/advisories/1488> for more info.
This fixes an arbitrary code execution vulnerability, see <https://www.npmjs.com/advisories/1118> for more info.
Fixes a regular expression denial of service vulnerability, see <https://www.npmjs.com/advisories/1677> for more info.
Fixes a path traversal vulnerability in url-parse. See <https://www.npmjs.com/advisories/1678> for more information.
This update fixes a prototype pollution vulnerability in y18n. See <https://www.npmjs.com/advisories/1654> for more information.
580b053
to
8d219a8
Compare
@assaf Sorry if the force pushes make this PR a bit more complicated than necessary, but the previously pushed commits were missing some changes. |
This fixes a prototype pollution vulnerability in ini. See <https://www.npmjs.com/advisories/1589> for more information.
@assaf I've also added another update for |
that lib look dead when try to get cookies, can u try to update it sir ? |
@andress134: And yes, the assaf/zombie project seems to be "dead" or at least the owner is very slow to respond, but I will keep this pull request open anyway. Maybe it will get merged later. |
I'm try to bypass a cloudflare page but can't |
These commits fix some vulnerabilities in several dependencies.
While this still does not fix all vulnerabilities that currently exist in dependencies, it should be a step in the right direction.