chore(deps): update dependency react-dev-utils to 11.0.4 [security] #9287

Merged
merged 2 commits into from
Jan 10, 2022



@renovate renovate bot commented Jan 10, 2022


This PR contains the following updates:

Package Change
react-dev-utils 4.2.3 -> 11.0.4

GitHub Vulnerability Alerts

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (i.e., by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.


Configuration

📅 Schedule: "" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.

@benjamn benjamn merged commit 34ec039 into main Jan 10, 2022

benjamn commented Jan 10, 2022

Only Netlify/docs checks are failing, so I'm going to merge this as-is.

@benjamn benjamn deleted the renovate/npm-react-dev-utils-vulnerability branch January 10, 2022 16:50
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 15, 2023