Skip to content
This repository has been archived by the owner on Dec 16, 2023. It is now read-only.

Update dependencies to fix some vulnerabilities #1212

Open
wants to merge 9 commits into
base: master
Choose a base branch
from

Commits on May 31, 2021

  1. update lodash to 4.17.21

    This fixes several vulnerabilities in lodash.
    
    - several prototype pollution issues in lodash
      - see <https://www.npmjs.com/advisories/1065>
      - see <https://www.npmjs.com/advisories/1523>
    - command injection vulnerability (CVE-2021-23337),
      see <https://www.npmjs.com/advisories/1673>
    striezel committed May 31, 2021
    Configuration menu
    Copy the full SHA
    467d2e2 View commit details
    Browse the repository at this point in the history
  2. update mixin-deep to 1.3.2

    This fixes a prototype pollution vulnerability in mixin-deep.
    See <https://www.npmjs.com/advisories/1013> for more information.
    striezel committed May 31, 2021
    Configuration menu
    Copy the full SHA
    d381086 View commit details
    Browse the repository at this point in the history

Commits on Jun 1, 2021

  1. update union-value package to 1.0.1 + set-value to 2.0.1

    Fixes a prototype pollution vulnerability in set-value,
    see <https://www.npmjs.com/advisories/1012> for more information.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    5cb2700 View commit details
    Browse the repository at this point in the history
  2. update acorn to 5.7.4

    Fixes a regular expression denial of service vulnerability,
    see <https://www.npmjs.com/advisories/1488> for more info.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    b2b7776 View commit details
    Browse the repository at this point in the history
  3. update eslint-utils to 1.4.3

    This fixes an arbitrary code execution vulnerability,
    see <https://www.npmjs.com/advisories/1118> for more info.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    f456435 View commit details
    Browse the repository at this point in the history
  4. update hosted-git-info to version 2.8.9 (CVE-2021-23362)

    Fixes a regular expression denial of service vulnerability,
    see <https://www.npmjs.com/advisories/1677> for more info.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    4d091ff View commit details
    Browse the repository at this point in the history
  5. update url-parse to 1.5.1 (CVE-2021-27515)

    Fixes a path traversal vulnerability in url-parse.
    See <https://www.npmjs.com/advisories/1678> for more information.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    bd4ed4e View commit details
    Browse the repository at this point in the history
  6. update y18n to 3.2.2 (CVE-2020-7774)

    This update fixes a prototype pollution vulnerability in y18n.
    See <https://www.npmjs.com/advisories/1654> for more information.
    striezel committed Jun 1, 2021
    Configuration menu
    Copy the full SHA
    8d219a8 View commit details
    Browse the repository at this point in the history

Commits on Jul 3, 2021

  1. update ini to 1.3.8

    This fixes a prototype pollution vulnerability in ini.
    See <https://www.npmjs.com/advisories/1589> for more information.
    striezel committed Jul 3, 2021
    Configuration menu
    Copy the full SHA
    3dada46 View commit details
    Browse the repository at this point in the history