Update dependency serialize-to-js to v3 [SECURITY] #432
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
8c55395 to
093ff4f
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
d661977 to
ac7a29b
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
c9b452f to
8ac2a0f
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
dfa0ff7 to
998d41c
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
65b4a17 to
265ace1
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
eb65263 to
e1b6062
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
e728b93 to
6958b1c
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
6958b1c to
0c842fb
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
05f6ed9 to
1e1e223
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
af60f94 to
b32638a
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
13541e7 to
f2fe04c
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
f2fe04c to
3513573
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
41de302 to
ea8769d
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
6f8696c to
f33c89c
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
9bfb8a7 to
d83f153
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
976f2e0 to
532fe79
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
1ca7df7 to
1ff91d2
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
d9c2212 to
429f1b7
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
3 times, most recently
from
ebd1f59 to
4ccb293
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
4ccb293 to
e2d8928
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
e2d8928 to
0189a10
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
950e6ce to
a8cf15a
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
2 times, most recently
from
49b6a8d to
871d291
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
871d291 to
cdb167d
Compare
renovate
bot
force-pushed
the
renovate/npm-serialize-to-js-vulnerability
branch
from
cdb167d to
a81a17b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.2.2->^3.0.1GitHub Vulnerability Alerts
CVE-2019-16772
Versions of
serialize-to-jsprior to 3.0.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.Recommendation
Upgrade to version 3.0.1 or later.
GHSA-w5q7-3pr9-x44w
Versions of
serialize-to-jsprior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely.Recommendation
Upgrade to version 2.0.0 or later.
Release Notes
commenthol/serialize-to-js (serialize-to-js)
v3.0.1Compare Source
v3.0.0Compare Source
v2.0.1Compare Source
v2.0.0Compare Source
Breaking changes:
deserializefunction as being vulnerable to DOSConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.