Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency underscore to ~1.12.0 [security] #358

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency underscore to ~1.12.0 [security] #358

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 4, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
underscore (source) ~1.8.3 -> ~1.12.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Release Notes

jashkenas/underscore (underscore)

v1.12.1

Compare Source

v1.12.0

Compare Source

v1.11.0

Compare Source

v1.10.2

Compare Source

v1.10.1

Compare Source

v1.10.0

Compare Source

v1.9.2

Compare Source

v1.9.1

Compare Source

v1.9.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 2 times, most recently from f51adf5 to b277634 Compare September 18, 2023 07:59
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 3 times, most recently from f83832f to dd4835e Compare September 25, 2023 10:07
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from dd4835e to c36893b Compare October 18, 2023 07:28
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from c36893b to d2bec8a Compare November 8, 2023 13:25
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 3 times, most recently from d9be4f0 to 00c56ae Compare November 20, 2023 11:26
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 3 times, most recently from 9501556 to d30518e Compare December 4, 2023 09:23
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 2 times, most recently from 4400898 to 8538593 Compare December 18, 2023 09:39
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 5 times, most recently from aae56ed to 6f937ca Compare January 15, 2024 11:28
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from 6f937ca to a0512ff Compare January 22, 2024 10:35
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from a0512ff to 37f6866 Compare February 5, 2024 09:31
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from 37f6866 to 704ac98 Compare February 12, 2024 10:18
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 2 times, most recently from 9b5ea19 to 7d8f9f0 Compare February 26, 2024 09:07
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 2 times, most recently from c8be84b to 12b8b72 Compare March 11, 2024 08:29
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 2 times, most recently from 6a016bf to 95062d5 Compare March 18, 2024 10:58
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from 95062d5 to be113a8 Compare March 25, 2024 12:03
@renovate renovate bot enabled auto-merge (squash) March 25, 2024 22:01
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch 3 times, most recently from f003455 to f35b1e1 Compare April 8, 2024 10:11
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from f35b1e1 to ad622c8 Compare April 15, 2024 09:39
@renovate renovate bot force-pushed the renovate/npm-underscore-vulnerability branch from ad622c8 to 1fa4e0e Compare April 22, 2024 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants