fix(deps): update dependency underscore to ~1.12.0 [security] #358
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
f51adf5
to
b277634
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
f83832f
to
dd4835e
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
dd4835e
to
c36893b
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
c36893b
to
d2bec8a
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
d9be4f0
to
00c56ae
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
9501556
to
d30518e
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
4400898
to
8538593
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
5 times, most recently
from
aae56ed
to
6f937ca
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
6f937ca
to
a0512ff
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
a0512ff
to
37f6866
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
37f6866
to
704ac98
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
9b5ea19
to
7d8f9f0
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
c8be84b
to
12b8b72
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
6a016bf
to
95062d5
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
95062d5
to
be113a8
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
6 times, most recently
from
721ad75
to
f0c9e17
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
5ab7b16
to
4510ec0
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
4510ec0
to
04e0f55
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
4c225dc
to
b25c1f0
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
b25c1f0
to
107413f
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
b22c908
to
99851de
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
4 times, most recently
from
25b3a26
to
a6a25df
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
2 times, most recently
from
6d68354
to
245e388
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
3 times, most recently
from
90411fa
to
ad279f5
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
ad279f5
to
78f0360
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
78f0360
to
d771336
Compare
renovate
bot
force-pushed
the
renovate/npm-underscore-vulnerability
branch
from
d771336
to
9854d3a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~1.8.3->~1.12.0GitHub Vulnerability Alerts
CVE-2021-23358
The package
underscorefrom 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.Release Notes
jashkenas/underscore (underscore)
v1.12.1Compare Source
v1.12.0Compare Source
v1.11.0Compare Source
v1.10.2Compare Source
v1.10.1Compare Source
v1.10.0Compare Source
v1.9.2Compare Source
v1.9.1Compare Source
v1.9.0Compare Source
Configuration
📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.