Lalaps Dashboard #92

Open
lalaps bot opened this issue Feb 2, 2022 · 0 comments

lalaps bot commented Feb 2, 2022

This issue provides visibility into Lalaps updates and their statuses.

npm

decode-uri-component vulnerable to Denial of Service (DoS)
Library: decode-uri-component
Affected versions: <=0.2.0
Severity: low
Root Libraries:

  • danger

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Library: follow-redirects
Affected versions: <1.14.8
Severity: moderate
✔️ #138
✔️ #139
Root Libraries:

Got allows a redirect to a UNIX socket
Library: got
Affected versions: <11.8.5
Severity: moderate
✔️ #138
✔️ #139
Root Libraries:

minimatch ReDoS vulnerability
Library: minimatch
Affected versions: <3.0.5
Severity: high
Root Libraries:

Packing does not respect root-level ignore files in workspaces
Library: npm
Affected versions: >=7.9.0 <8.11.0
Severity: high
✔️ #138
✔️ #139
Root Libraries:

Authorization Bypass in parse-path
Library: parse-path
Affected versions: <5.0.0
Severity: high
Root Libraries:

Cross site scripting in parse-url
Library: parse-url
Affected versions: <6.0.1
Severity: moderate
✔️ #138
✔️ #139
Root Libraries:

Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Library: semantic-release
Affected versions: >=17.0.4 <19.0.3
Severity: moderate
✔️ #138
✔️ #139
Root Libraries:

Regular expression denial of service in semver-regex
Library: semver-regex
Affected versions: <3.1.4
Severity: low
✔️ #138
✔️ #139
Root Libraries:

Last Updated: 01 Dec 2022, at 01:29 UTC

pustovitDmytro pushed a commit that referenced this issue Feb 7, 2023
| datasource | package                | from   | to     |
| ---------- | ---------------------- | ------ | ------ |
| npm        | @commitlint/cli        | 16.1.0 | 17.2.0 |
| npm        | @commitlint/lint       | 16.0.0 | 17.2.0 |
| npm        | eslint-plugin-markdown | 2.2.1  | 3.0.0  |
| npm        | eslint-plugin-unicorn  | 40.1.0 | 44.0.2 |
| npm        | husky                  | 7.0.4  | 8.0.2  |
| npm        | mocha                  | 9.2.0  | 10.1.0 |
| npm        | uuid                   | 8.3.2  | 9.0.0  |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
pustovitDmytro pushed a commit that referenced this issue Feb 7, 2023
## [2.2.1](v2.2.0...v2.2.1) (2023-02-07)

### Chore

* anti-terrorism disclaimer ([96327fe](96327fe))
* drop extra coverage options ([04f7668](04f7668))
* fixes eslint-plugin-unicorn version ([dd45e9a](dd45e9a))
* fixes npm audit ([0500470](0500470))
* fixes some npm audit vulnerabilities ([b913fee](b913fee))
* increase ava timeout ([8c64b59](8c64b59))
* Lock file maintenance ([85b7c09](85b7c09))
* Update dependency danger to v11 ([1779a27](1779a27))
* Update devDependencies (non-major) ([01bd6c0](01bd6c0))
* Update devDependencies (non-major) ([85a0161](85a0161))
* Update devDependencies (non-major) (#66) ([69aac8f](69aac8f)), closes [#66](#66)
* Update devDependencies (non-major) (#92) ([f492769](f492769)), closes [#92](#92)

### Docs

* drop lgtm ([b1841f2](b1841f2))
* update logo ([bebc92b](bebc92b))
* update year in license ([64521cb](64521cb))