-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pin dependency grunt to v0.4.5 [SECURITY] #13
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 6, 2021 21:27
84d6c3f
to
93c21df
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 6, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 7, 2021 08:36
93c21df
to
327c4eb
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to 0.4.5 [SECURITY]
May 7, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 7, 2021 15:59
327c4eb
to
059a832
Compare
renovate
bot
changed the title
Pin dependency grunt to 0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 7, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 8, 2021 15:18
059a832
to
9af7e99
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to 0.4.5 [SECURITY]
May 8, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 8, 2021 16:50
9af7e99
to
b429236
Compare
renovate
bot
changed the title
Pin dependency grunt to 0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 8, 2021
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Update dependency grunt to v1 [SECURITY] - autoclosed
May 10, 2021
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY] - autoclosed
Update dependency grunt to v1 [SECURITY]
May 10, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 10, 2021 04:19
b429236
to
0876b48
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to 0.4.5 [SECURITY]
May 10, 2021
renovate
bot
changed the title
Pin dependency grunt to 0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 10, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
2 times, most recently
from
May 15, 2021 12:46
aa8d840
to
a0b7c5a
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 15, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 15, 2021 13:59
a0b7c5a
to
a9cbcee
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 15, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 21, 2021 09:52
a9cbcee
to
8e6af31
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 21, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 21, 2021 15:09
8e6af31
to
13a5217
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 21, 2021
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 22, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 22, 2021 12:44
13a5217
to
e4de0f8
Compare
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 22, 2021 13:36
e4de0f8
to
a4125b9
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 22, 2021
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 26, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
2 times, most recently
from
May 26, 2021 10:01
8d4a7e9
to
1fc3333
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 26, 2021
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 29, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 29, 2021 19:43
1fc3333
to
d80bcab
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 29, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 29, 2021 21:02
d80bcab
to
279eb56
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 30, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 30, 2021 04:01
279eb56
to
8162f1f
Compare
renovate
bot
changed the title
Pin dependency grunt to v0.4.5 [SECURITY]
Update dependency grunt to v1 [SECURITY]
May 30, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 30, 2021 04:34
8162f1f
to
146bec9
Compare
renovate
bot
changed the title
Update dependency grunt to v1 [SECURITY]
Pin dependency grunt to v0.4.5 [SECURITY]
May 31, 2021
renovate
bot
force-pushed
the
renovate/npm-grunt-vulnerability
branch
from
May 31, 2021 07:42
146bec9
to
c4edba3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~0.4.1
->0.4.5
GitHub Vulnerability Alerts
CVE-2020-7729
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
📌 Important: Renovate will wait until you have merged this Pin PR before creating any upgrade PRs for the affected packages. Add the preset
:preserveSemverRanges
to your config if you instead don't wish to pin dependencies.Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.