Update dependency open to v6 [SECURITY] #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Micro-Learning Topic: OS command injection (Detected by phrase)In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server. Try this challenge in Secure Code Warrior |
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
changed the title
Micro-Learning Topic: OS command injection (Detected by phrase)Matched on "command injection"In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server. Try this challenge in Secure Code Warrior |
1 similar comment
Micro-Learning Topic: OS command injection (Detected by phrase)Matched on "command injection"In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server. Try this challenge in Secure Code Warrior |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
485e7b0 to
7a78623
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
7a78623 to
74b0eb9
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
74b0eb9 to
f056ee0
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
f056ee0 to
e4abf51
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
e4abf51 to
f5f03b9
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
f5f03b9 to
f30e410
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
f30e410 to
f0e23d9
Compare
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
f0e23d9 to
8f95112
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
8f95112 to
c679901
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
c679901 to
9e89409
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
9e89409 to
059e032
Compare
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
059e032 to
5c2457f
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
2e3dfac to
bfac01e
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
bfac01e to
b488d23
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
b488d23 to
dbb2840
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
dbb2840 to
6597744
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
6597744 to
d85c324
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
d85c324 to
991cc92
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
991cc92 to
167ad02
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
167ad02 to
4a039fd
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
4a039fd to
bed75b3
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
bed75b3 to
32f649c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
32f649c to
aace5aa
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
aace5aa to
a951bb5
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
a951bb5 to
76acf5b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-open-vulnerability
branch
from
76acf5b to
77aa77a
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~0.0.4->~6.0.0GitHub Vulnerability Alerts
GHSA-28xh-wpgr-7fm8
Versions of
openbefore 6.0.0 are vulnerable to command injection when unsanitized user input is passed in.The package does come with the following warning in the readme:
Recommendation
openis now the deprecatedopnpackage. Upgrading to the latest version is likely have unwanted effects since it now has a very different API but will prevent this vulnerability.Release Notes
sindresorhus/open (open)
v6.0.0Breaking:
opntoopen(See the readme for more info)eca88d8waitoptionfalseby defaultda2d6635c525b5Enhancements:
b30220cConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.