-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency dustjs-linkedin to v3 [security] #100
base: main
Are you sure you want to change the base?
Conversation
This update seems to work after manual testing, but it does break the peer requirement from dustjs-helper: See also issue LinkedInAttic/dustjs-helpers#148 |
144c800
to
5c0ad45
Compare
dea562b
to
635c158
Compare
9c4387c
to
a817663
Compare
4e0fd04
to
6e581e1
Compare
This cannot be merged because of:
Ref #35 (comment) |
6e581e1
to
7c98121
Compare
7c98121
to
60d502c
Compare
0c978fd
to
5cbacda
Compare
5cbacda
to
058b197
Compare
058b197
to
8f1738b
Compare
43e171f
to
4d0a116
Compare
4d0a116
to
1e20aa9
Compare
72895bb
to
d9be209
Compare
e717886
to
5c18f6e
Compare
f0ab2e6
to
1fe6d22
Compare
822c7b7
to
7397183
Compare
2275e90
to
abb2d8c
Compare
64f6ee8
to
9937ee2
Compare
9b23093
to
bacbc92
Compare
bacbc92
to
06b16d8
Compare
ee5651f
to
ae42991
Compare
a91b55f
to
7f70090
Compare
5ed87a9
to
7a94f5b
Compare
b62055f
to
57d5c34
Compare
57d5c34
to
e93cf89
Compare
This PR contains the following updates:
2.7.5
->3.0.0
GitHub Vulnerability Alerts
CVE-2021-4264
A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 can address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.
Release Notes
linkedin/dustjs (dustjs-linkedin)
v3.0.0
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.