unboundsoftware/auth0mock
6
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 14 Activity

chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1 #46

Merged
argoyle merged 1 commits from dependabot-npm_and_yarn-normalize-url-4.5.1 into main 2022-05-02 07:01:46 +00:00
Conversation 4 Commits 1 Files Changed 1
+3 -3
argoyle commented 2022-05-02 06:52:59 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

Bumps normalize-url from 4.5.0 to 4.5.1. This update includes a security fix.

Vulnerabilities fixed

ReDoS in normalize-url The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Patched versions: 4.5.1 Affected versions: >= 4.3.0, < 4.5.1

Commits

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. **This update includes a security fix.** <details> <summary>Vulnerabilities fixed</summary> <blockquote> <p><strong>ReDoS in normalize-url</strong> The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.</p> <p>Patched versions: 4.5.1 Affected versions: &gt;= 4.3.0, &lt; 4.5.1</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sindresorhus/normalize-url/commits">compare view</a></li> </ul> </details> <br /> --- <details> <summary>Dependabot commands</summary> <br /> You can trigger Dependabot actions by commenting on this MR - `$dependabot rebase` will rebase this MR - `$dependabot recreate` will recreate this MR rewriting all the manual changes and resolving conflicts </details>
argoyle commented 2022-05-02 06:56:58 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

added 3 commits

  • 39b82452...d7e3b10e - 2 commits from branch main
  • 8581af89 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1

Compare with previous version

added 3 commits <ul><li>39b82452...d7e3b10e - 2 commits from branch <code>main</code></li><li>8581af89 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1</li></ul> [Compare with previous version](/unboundsoftware/auth0mock/-/merge_requests/41/diffs?diff_id=384847731&start_sha=39b8245275d5d123afff592a010c97d3ba261cbc)
argoyle commented 2022-05-02 06:58:22 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

added 3 commits

  • 8581af89...cb31381b - 2 commits from branch main
  • 4132e4a7 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1

Compare with previous version

added 3 commits <ul><li>8581af89...cb31381b - 2 commits from branch <code>main</code></li><li>4132e4a7 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1</li></ul> [Compare with previous version](/unboundsoftware/auth0mock/-/merge_requests/41/diffs?diff_id=384848398&start_sha=8581af89be9483732170d9dcde19f4b2b31c54e2)
argoyle commented 2022-05-02 07:00:03 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

added 3 commits

  • 4132e4a7...a5653c8e - 2 commits from branch main
  • 5f2385a9 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1

Compare with previous version

added 3 commits <ul><li>4132e4a7...a5653c8e - 2 commits from branch <code>main</code></li><li>5f2385a9 - chore(deps): [security] bump normalize-url from 4.5.0 to 4.5.1</li></ul> [Compare with previous version](/unboundsoftware/auth0mock/-/merge_requests/41/diffs?diff_id=384849252&start_sha=4132e4a7d6b1b15d54fb4ef5eabe3488eee2a207)
argoyle commented 2022-05-02 07:01:46 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

mentioned in commit 596967ff72

mentioned in commit 596967ff729165b2e0302fda0635e15e22bf366c
argoyle (Migrated from gitlab.com) merged commit 596967ff72 into main 2022-05-02 07:01:47 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
javascript
security
Pull requests that address a security vulnerability
 severity:moderate
No Label dependencies javascript security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) peter releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unboundsoftware/auth0mock#46
Delete Branch "dependabot-npm_and_yarn-normalize-url-4.5.1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?