chore(deps): update dependency node-forge to 1.0.0 [security] #1111
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
✔️ Deploy Preview for netlify-plugin-nextjs-demo ready! 🔨 Explore the source changes: a7e8e06 🔍 Inspect the deploy log: https://app.netlify.com/sites/netlify-plugin-nextjs-demo/deploys/61dc621a0bcdce000714d5d1 😎 Browse the preview: https://deploy-preview-1111--netlify-plugin-nextjs-demo.netlify.app |
![kodiakhq[bot]](https://avatars.githubusercontent.com/in/29196?s=60&v=4){kind=small}
github-actions
bot
added
the
type: chore
|
✔️ Deploy Preview for netlify-plugin-nextjs-static-root-demo ready! 🔨 Explore the source changes: a7e8e06 🔍 Inspect the deploy log: https://app.netlify.com/sites/netlify-plugin-nextjs-static-root-demo/deploys/61dc621a3199db0007964da5 😎 Browse the preview: https://deploy-preview-1111--netlify-plugin-nextjs-static-root-demo.netlify.app |
|
✔️ Deploy Preview for netlify-plugin-nextjs-export-demo ready! 🔨 Explore the source changes: a7e8e06 🔍 Inspect the deploy log: https://app.netlify.com/sites/netlify-plugin-nextjs-export-demo/deploys/61dc621a255cd1000835a495 😎 Browse the preview: https://deploy-preview-1111--netlify-plugin-nextjs-export-demo.netlify.app |
|
✔️ Deploy Preview for netlify-plugin-nextjs-nx-monorepo-demo ready! 🔨 Explore the source changes: a7e8e06 🔍 Inspect the deploy log: https://app.netlify.com/sites/netlify-plugin-nextjs-nx-monorepo-demo/deploys/61dc621ac6768b000899e4d7 😎 Browse the preview: https://deploy-preview-1111--netlify-plugin-nextjs-nx-monorepo-demo.netlify.app/ |
|
Test summary
Run details
View run in Cypress Dashboard ➡️ This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard |
|
Test summary
Run details
View run in Cypress Dashboard ➡️ This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard |
|
Test summary
Run details
View run in Cypress Dashboard ➡️ This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard |
This PR contains the following updates:
0.10.0->1.0.0GitHub Vulnerability Alerts
GHSA-gf8q-jrpm-jvxq
Impact
The regex used for the
forge.util.parseUrlAPI would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.Patches
forge.util.parseUrland other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.Workarounds
Ensure code does not directly or indirectly call
forge.util.parseUrlwith untrusted input.References
For more information
If you have any questions or comments about this advisory:
GHSA-5rrq-pxf6-6jx5
Impact
The
forge.debugAPI had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.Patches
The
forge.debugAPI and related functions were removed in 1.0.0.Workarounds
Don't use the
forge.debugAPI directly or indirectly with untrusted input.References
For more information
If you have any questions or comments about this advisory:
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.