Skip to content
This repository was archived by the owner on Nov 29, 2023. It is now read-only.

chore(deps): update dependency path-parse to 1.0.7 [security] - autoclosed #51

Closed
wants to merge 39 commits into from
Closed

chore(deps): update dependency path-parse to 1.0.7 [security] - autoclosed #51

wants to merge 39 commits into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 10, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change
path-parse 1.0.6 -> 1.0.7

GitHub Vulnerability Alerts

CVE-2021-23343

Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

dependabot bot and others added 30 commits June 6, 2020 19:05
@dependabot
Bump apollo-server-core from 2.11.0 to 2.14.2
df916e0 
Bumps [apollo-server-core](https://github.com/apollographql/apollo-server) from 2.11.0 to 2.14.2.
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/compare/[email protected]@2.14.2)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump object-path from 0.11.4 to 0.11.5
0285539 
Bumps [object-path](https://github.com/mariocasciaro/object-path) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/mariocasciaro/object-path/releases)
- [Commits](https://github.com/mariocasciaro/object-path/commits)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump ini from 1.3.5 to 1.3.7
4e3c095 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](npm/ini@v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump y18n from 4.0.0 to 4.0.1
5f7e74c 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump lodash from 4.17.15 to 4.17.21
8d6bdae 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump glob-parent from 5.1.1 to 5.1.2
b65bd40 
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump postcss from 7.0.27 to 7.0.36
800220a 
Bumps [postcss](https://github.com/postcss/postcss) from 7.0.27 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.27...7.0.36)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@renovate-bot
Add renovate.json
f334b6f
@mdnorman
Merge pull request #10 from mdnorman/renovate/configure
8fb8dcb 
Configure Renovate
@mdnorman
Merge pull request #9 from mdnorman/dependabot/npm_and_yarn/postcss-7…
86954f9 
….0.36

Bump postcss from 7.0.27 to 7.0.36
@mdnorman
Merge pull request #8 from mdnorman/dependabot/npm_and_yarn/glob-pare…
2f6c4c7 
…nt-5.1.2

Bump glob-parent from 5.1.1 to 5.1.2
@mdnorman
Merge pull request #7 from mdnorman/dependabot/npm_and_yarn/lodash-4.…
acc20ff 
…17.21

Bump lodash from 4.17.15 to 4.17.21
@mdnorman
Merge pull request #6 from mdnorman/dependabot/npm_and_yarn/y18n-4.0.1
0851016 
Bump y18n from 4.0.0 to 4.0.1
@mdnorman
Merge pull request #5 from mdnorman/dependabot/npm_and_yarn/ini-1.3.7
1dbbc42 
Bump ini from 1.3.5 to 1.3.7
@dependabot
Bump dot-prop from 4.2.0 to 4.2.1
b7bcea9 
Bumps [dot-prop](https://github.com/sindresorhus/dot-prop) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/sindresorhus/dot-prop/releases)
- [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: dot-prop
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@mdnorman
Merge pull request #4 from mdnorman/dependabot/npm_and_yarn/object-pa…
4fea765 
…th-0.11.5

Bump object-path from 0.11.4 to 0.11.5
@mdnorman
Merge pull request #2 from mdnorman/dependabot/npm_and_yarn/apollo-se…
39ed949 
…rver-core-2.14.2

Bump apollo-server-core from 2.11.0 to 2.14.2
@dependabot
Bump bl from 1.2.2 to 1.2.3
9e3308b 
Bumps [bl](https://github.com/rvagg/bl) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/rvagg/bl/releases)
- [Commits](rvagg/bl@v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: bl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@renovate-bot
Update dependency bl to 1.2.3 [SECURITY]
c690fe8
@renovate-bot
Update dependency dot-prop to 4.2.1 [SECURITY]
ca9bb5f
@renovate-bot
Update dependency normalize-url to 4.5.1 [SECURITY]
fd5ae69
@renovate-bot
Update dependency ws to 6.2.2 [SECURITY]
590c45e
@renovate-bot
Update dependency apollo-server-lambda to 2.14.2 [SECURITY]
cdcb91d
@renovate-bot
Update dependency yargs-parser to 18.1.2 [SECURITY]
4bfa77e
@mdnorman
Merge pull request #28 from mdnorman/renovate/npm-yargs-parser-vulner…
de9059d 
…ability

Update dependency yargs-parser to 18.1.2 [SECURITY]
@mdnorman
Merge pull request #26 from mdnorman/renovate/npm-ws-vulnerability
04ed74b 
Update dependency ws to 6.2.2 [SECURITY]
@mdnorman
Merge pull request #24 from mdnorman/renovate/npm-normalize-url-vulne…
8f3f112 
…rability

Update dependency normalize-url to 4.5.1 [SECURITY]
@mdnorman
Merge pull request #18 from mdnorman/renovate/npm-dot-prop-vulnerability
71e9df7 
Update dependency dot-prop to 4.2.1 [SECURITY]
@mdnorman
Merge pull request #17 from mdnorman/renovate/npm-bl-vulnerability
cb216a0 
Update dependency bl to 1.2.3 [SECURITY]
@mdnorman
Merge pull request #15 from mdnorman/renovate/npm-apollo-server-lambd…
1263c25 
…a-vulnerability

Update dependency apollo-server-lambda to 2.14.2 [SECURITY]
mdnorman and others added 9 commits June 22, 2021 22:24
@mdnorman
Merge pull request #13 from mdnorman/dependabot/npm_and_yarn/dot-prop…
66c0c66 
…-4.2.1

Bump dot-prop from 4.2.0 to 4.2.1
@mdnorman
Merge pull request #12 from mdnorman/dependabot/npm_and_yarn/bl-1.2.3
15971bb 
Bump bl from 1.2.2 to 1.2.3
@renovate-bot
Update dependency node-notifier to 8.0.1 [SECURITY]
26d2a17
@mdnorman
Merge pull request #23 from mdnorman/renovate/npm-node-notifier-vulne…
4f1c273 
…rability

Update dependency node-notifier to 8.0.1 [SECURITY]
@dependabot
Bump ws from 5.2.2 to 5.2.3
98e5585 
Bumps [ws](https://github.com/websockets/ws) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@renovate-bot
Update dependency axios to 0.21.1 [SECURITY]
905cf87
@mdnorman
Merge pull request #16 from mdnorman/renovate/npm-axios-vulnerability
4396e09 
Update dependency axios to 0.21.1 [SECURITY]
@mdnorman
Merge pull request #11 from mdnorman/dependabot/npm_and_yarn/ws-5.2.3
5a6d2fd 
Bump ws from 5.2.2 to 5.2.3
@renovate-bot
Update dependency path-parse to 1.0.7 [SECURITY]
356f054
mdnorman added a commit that referenced this pull request Oct 9, 2021
@mdnorman
Merge pull request #51 from mdnorman/renovate/npm-bl-vulnerability
c57b98e 
chore(deps): update dependency bl to 1.2.3 [security]
mdnorman added a commit that referenced this pull request Oct 9, 2021
@mdnorman
Merge pull request #51 from mdnorman/renovate/typescript-eslint-monorepo
b2cb75f 
chore(deps): update typescript-eslint monorepo to v4.30.0
@renovate renovate bot changed the title Update dependency path-parse to 1.0.7 [SECURITY] chore(deps): update dependency path-parse to 1.0.7 [security] Oct 9, 2021
@renovate renovate bot changed the title chore(deps): update dependency path-parse to 1.0.7 [security] chore(deps): update dependency path-parse to 1.0.7 [security] - autoclosed Oct 18, 2021
@renovate renovate bot closed this Oct 18, 2021
@renovate renovate bot deleted the renovate/npm-path-parse-vulnerability branch October 18, 2021 15:01
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @mdnorman