fix(deps): update dependency dustjs-linkedin to v3 [security] #100

Open
wants to merge 1 commit into
base: main

@renovate renovate bot commented Dec 22, 2022

This PR contains the following updates:

| Package | Change |
|---|---|
| dustjs-linkedin (source) | 2.7.5 -> 3.0.0 |

GitHub Vulnerability Alerts

CVE-2021-4264

A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 can address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.


Release Notes

linkedin/dustjs (dustjs-linkedin)

v3.0.0

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@mikaello
Owner

This update seems to work after manual testing, but it does break the peer requirement from dustjs-helpers: warning " > dustjs-helpers@1.7.4" has incorrect peer dependency "dustjs-linkedin@2.7 - 2.8".

See also issue LinkedInAttic/dustjs-helpers#148

@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 144c800 to 5c0ad45 Compare December 26, 2022 01:31
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 3 times, most recently from dea562b to 635c158 Compare January 9, 2023 01:35
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 3 times, most recently from 9c4387c to a817663 Compare January 23, 2023 05:02
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 4e0fd04 to 6e581e1 Compare February 6, 2023 00:10
@mikaello
Owner

mikaello commented Feb 6, 2023

This cannot be merged because of:

This update seems to work after manual testing, but it does break the peer requirement from dustjs-helpers: warning " > dustjs-helpers@1.7.4" has incorrect peer dependency "dustjs-linkedin@2.7 - 2.8".

See also issue LinkedInAttic/dustjs-helpers#148

Ref #35 (comment)
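
Why the security upgrade to `3.0.0` trips the peer-dependency warning quoted above, as an added example that is not part of this PR or of either project: it evaluates the hyphen range `2.7 - 2.8` the way npm's semver rules define it. The helper names and the manifest fragment are constructed for illustration, and prerelease tags are not handled.

```javascript
// Added example (hypothetical helper names): plain x.y.z versions and "A - B" ranges only.

// "2", "2.7" or "2.7.5" -> [major, minor, patch]; missing parts are undefined.
function parsePartial(text) {
  const parts = text.trim().split(".");
  if (parts.length > 3 || !parts.every((p) => /^\d+$/.test(p))) {
    throw new Error(`unsupported version: ${text}`);
  }
  const nums = parts.map(Number);
  return [nums[0], nums[1], nums[2]];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// npm semver hyphen range: the lower bound is inclusive with missing parts
// read as 0; a partial upper bound matches anything that starts with it,
// so "2.7 - 2.8" means >=2.7.0 <2.9.0.
function hyphenBounds(range) {
  const m = /^(\S+)\s+-\s+(\S+)$/.exec(range.trim());
  if (!m) throw new Error(`not a hyphen range: ${range}`);
  const lo = parsePartial(m[1]).map((n) => n ?? 0);
  const [maj, min, pat] = parsePartial(m[2]);
  if (min === undefined) return { lo, hi: [maj + 1, 0, 0], inclusive: false };
  if (pat === undefined) return { lo, hi: [maj, min + 1, 0], inclusive: false };
  return { lo, hi: [maj, min, pat], inclusive: true };
}

function satisfies(version, range) {
  const v = parsePartial(version);
  if (v.includes(undefined)) throw new Error(`full version needed: ${version}`);
  const { lo, hi, inclusive } = hyphenBounds(range);
  const top = compare(v, hi);
  return compare(v, lo) >= 0 && (inclusive ? top <= 0 : top < 0);
}

// Constructed manifest fragment; the range is the one quoted in the warning.
const dependents = [
  { name: "dustjs-helpers@1.7.4", peerDependencies: { "dustjs-linkedin": "2.7 - 2.8" } },
];

// Names of dependents whose peer range rejects the proposed version of `pkg`.
function blockedBy(pkg, version, deps) {
  const rejects = (d) => pkg in d.peerDependencies && !satisfies(version, d.peerDependencies[pkg]);
  return deps.filter(rejects).map((d) => d.name);
}

console.log(blockedBy("dustjs-linkedin", "3.0.0", dependents));
```

Running the same check in CI against the lockfile's resolved versions shows which dependents must widen their peer range before a security bump like this one can merge cleanly.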

@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 6e581e1 to 7c98121 Compare February 6, 2023 05:56
@renovate renovate bot changed the title fix(deps): update dependency dustjs-linkedin to v3 [security] fix(deps): update dependency dustjs-linkedin to v3 [security] - autoclosed Feb 17, 2023
@renovate renovate bot closed this Feb 17, 2023
@renovate renovate bot deleted the renovate/npm-dustjs-linkedin-vulnerability branch February 17, 2023 03:17
@renovate renovate bot changed the title fix(deps): update dependency dustjs-linkedin to v3 [security] - autoclosed fix(deps): update dependency dustjs-linkedin to v3 [security] Feb 17, 2023
@renovate renovate bot reopened this Feb 17, 2023
@renovate renovate bot restored the renovate/npm-dustjs-linkedin-vulnerability branch February 17, 2023 07:58
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 7c98121 to 60d502c Compare February 20, 2023 00:54
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 0c978fd to 5cbacda Compare March 13, 2023 01:54
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 5cbacda to 058b197 Compare March 13, 2023 15:32
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 058b197 to 8f1738b Compare March 30, 2023 21:55
@renovate renovate bot changed the title fix(deps): update dependency dustjs-linkedin to v3 [security] fix(deps): update dependency dustjs-linkedin to v3 [security] - autoclosed Apr 4, 2023
@renovate renovate bot closed this Apr 4, 2023
@renovate renovate bot deleted the renovate/npm-dustjs-linkedin-vulnerability branch April 4, 2023 01:39
@renovate renovate bot changed the title fix(deps): update dependency dustjs-linkedin to v3 [security] - autoclosed fix(deps): update dependency dustjs-linkedin to v3 [security] Apr 4, 2023
@renovate renovate bot reopened this Apr 4, 2023
@renovate renovate bot restored the renovate/npm-dustjs-linkedin-vulnerability branch April 4, 2023 08:54
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 43e171f to 4d0a116 Compare June 10, 2024 03:56
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 4d0a116 to 1e20aa9 Compare June 17, 2024 04:42
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 72895bb to d9be209 Compare July 15, 2024 04:07
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from e717886 to 5c18f6e Compare July 29, 2024 03:50
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from f0ab2e6 to 1fe6d22 Compare August 12, 2024 04:56
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 822c7b7 to 7397183 Compare August 26, 2024 03:54
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 2275e90 to abb2d8c Compare September 9, 2024 04:29
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 4 times, most recently from 64f6ee8 to 9937ee2 Compare September 16, 2024 10:27
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 9b23093 to bacbc92 Compare September 30, 2024 03:12
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from bacbc92 to 06b16d8 Compare October 7, 2024 03:43
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from ee5651f to ae42991 Compare October 21, 2024 03:19
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from a91b55f to 7f70090 Compare November 11, 2024 04:24
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from 5ed87a9 to 7a94f5b Compare November 18, 2024 03:15
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch 2 times, most recently from b62055f to 57d5c34 Compare December 9, 2024 04:30
@renovate renovate bot force-pushed the renovate/npm-dustjs-linkedin-vulnerability branch from 57d5c34 to e93cf89 Compare December 9, 2024 07:34