Skip to content
This repository was archived by the owner on Aug 24, 2023. It is now read-only.

Update dependency ssri to 7.1.1 [SECURITY] - abandoned#12

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-ssri-vulnerability
Open

Update dependency ssri to 7.1.1 [SECURITY] - abandoned#12
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-ssri-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Apr 26, 2021

Copy link
Copy Markdown

Mend Renovate

This PR contains the following updates:

Package Change
ssri 7.1.0 -> 7.1.1

GitHub Vulnerability Alerts

CVE-2021-27290

npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate Bot added the devops label Apr 26, 2021
@renovate renovate Bot changed the title Update dependency ssri to 8.0.1 [SECURITY] Update dependency ssri to 7.1.1 [SECURITY] Jun 6, 2021
@renovate renovate Bot force-pushed the renovate/npm-ssri-vulnerability branch from 5d3d9c3 to c4e7132 Compare March 7, 2022 17:46
@renovate renovate Bot changed the title Update dependency ssri to 7.1.1 [SECURITY] Update dependency ssri to 7.1.1 [SECURITY] - abandoned Mar 24, 2023
@renovate

renovate Bot commented Mar 24, 2023

Copy link
Copy Markdown
Author

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant