Skip to content

chore(deps) Update dependency minimist to v1.2.8 [SECURITY] - autoclosed #1000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
renovate wants to merge 1 commit into from
Closed

chore(deps) Update dependency minimist to v1.2.8 [SECURITY] - autoclosed #1000

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 25, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
minimist 1.2.7 -> 1.2.8 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-44906

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Release Notes

minimistjs/minimist (minimist)

v1.2.8

Compare Source

Merged
  • [Fix] Fix long option followed by single dash #17
  • [Tests] Remove duplicate test #12
  • [Fix] opt.string works with multiple aliases #10
Fixed
  • [Fix] Fix long option followed by single dash (#​17) #15
  • [Tests] Remove duplicate test (#​12) #8
  • [Fix] Fix long option followed by single dash #15
  • [Fix] opt.string works with multiple aliases (#​10) #9
  • [Fix] Fix handling of short option with non-trivial equals #5
  • [Tests] Remove duplicate test #8
  • [Fix] opt.string works with multiple aliases #9
Commits
  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
@renovate renovate bot added the security label Sep 25, 2024
@renovate renovate bot changed the title chore(deps) Update dependency minimist to v1.2.8 [SECURITY] chore(deps) Update dependency minimist to v1.2.8 [SECURITY] - autoclosed Sep 25, 2024
@renovate renovate bot closed this Sep 25, 2024
@renovate renovate bot deleted the renovate/npm-minimist-vulnerability branch September 25, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security

1 participant