fix(deps): update github vulnerability alerts [security] #227
This PR contains the following updates:
1.20.2 -> 1.20.3
1.4.6 -> 1.4.7
2.29.1 -> 2.31.0
6.9.0 -> 6.10.2
7.34.3 -> 7.37.2
4.19.2 -> 4.20.0
2.0.6 -> 2.0.7
8.12.0 -> 8.13.1
1.5.4 -> 1.5.5
GitHub Vulnerability Alerts
CVE-2024-45590
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
CVE-2024-43796
Impact
In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code.
Patches
this issue is patched in express 4.20.0
Workarounds
Users are encouraged to upgrade to the patched version of express, but otherwise can work around this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist.
Details
successful exploitation of this vector requires the following:
Release Notes
expressjs/body-parser (body-parser)
v1.20.3
- `depth` option to customize the depth level in the parser
- `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
expressjs/cookie-parser (cookie-parser)
v1.4.7
- `hasOwnProperty`
- `serialize` without options, use `obj.hasOwnProperty` when parsing
- `main` to `package.json` for rspack
- `partitioned` option
- `priority` option
- `expires` option to reject invalid dates
import-js/eslint-plugin-import (eslint-plugin-import)
v2.31.0
Added
- `order`: allow validating named imports ([#3043], thanks [@manuth])
- `extensions`: add the `checkTypeImports` option ([#2817], thanks [@phryneas])
Fixed
- `ExportMap` / flat config: include `languageOptions` in context ([#3052], thanks [@michaelfaith])
- `no-named-as-default`: Allow using an identifier if the export is both a named and a default export ([#3032], thanks [@akwodkiewicz])
- `export`: False positive for exported overloaded functions in TS ([#3065], thanks [@liuxingbaoyu])
- `exportMap`: export map cache is tainted by unreliable parse results ([#3062], thanks [@michaelfaith])
- `exportMap`: improve cacheKey when using flat config ([#3072], thanks [@michaelfaith])
Changed
- `no-relative-packages`: fix typo ([#3066], thanks [@joshuaobrien])
- `no-cycle`: dont scc for each linted file ([#3068], thanks [@soryy708])
- `no-cycle`: add `disableScc` to docs ([#3070], thanks [@soryy708])
- `RuleTester` ([#3071], thanks [@G-Rath])
- `no-restricted-paths`: fix grammar ([#3073], thanks [@unbeauvoyage])
- `no-default-export`, `no-named-export`: add test case (thanks [@G-Rath])
v2.30.0
Added
- `dynamic-import-chunkname`: add `allowEmpty` option to allow empty leading comments ([#2942], thanks [@JiangWeixian])
- `dynamic-import-chunkname`: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode ([#3004], thanks [@amsardesai])
- `no-unused-modules`: Add `ignoreUnusedTypeExports` option ([#3011], thanks [@silverwind])
Fixed
- `no-extraneous-dependencies`: allow wrong path ([#3012], thanks [@chabb])
- `no-cycle`: use scc algorithm to optimize ([#2998], thanks [@soryy708])
- `no-duplicates`: Removing duplicates breaks in TypeScript ([#3033], thanks [@yesl-kim])
- `newline-after-import`: fix considerComments option when require ([#2952], thanks [@developer-bandi])
- `order`: do not compare first path segment for relative paths ([#2682]) ([#2885], thanks [@mihkeleidast])
Changed
- `no-extraneous-dependencies`: Make glob pattern description more explicit ([#2944], thanks [@mulztob])
- `no-unused-modules`: add console message to help debug [#2866]
- `ExportMap`: make procedures static instead of monkeypatching exportmap ([#2982], thanks [@soryy708])
- `ExportMap`: separate ExportMap instance from its builder logic ([#2985], thanks [@soryy708])
- `order`: Add a quick note on how unbound imports and --fix ([#2640], thanks [@minervabot])
- `exportMapBuilder`: avoid hoisting ([#2989], thanks [@soryy708])
- `ExportMap`: extract "builder" logic to separate files ([#2991], thanks [@soryy708])
- `order`: update the description of the `pathGroupsExcludedImportTypes` option ([#3036], thanks [@liby])
jsx-eslint/eslint-plugin-jsx-a11y (eslint-plugin-jsx-a11y)
v6.10.2
Fixed
- `no-redundandant-roles`: allow `<img src="*.svg" role="img" />` #936
Commits
- 0d01a1a
- `es-iterator-helpers` aa075bd
- d15d3ab
- `@babel/cli`, `@babel/core`, `@babel/eslint-parser`, `@babel/plugin-transform-flow-strip-types`, `@babel/register` 5dad7c4
- `aria-role`: Add valid test for `<svg role="img" />` daba189
- `label-has-associated-control`: add line breaks for readability 0bc6378
- `label-has-associated-control`: add additional test cases 30d2318
- d92446c
v6.10.1
Commits
- 4925ba8
- cb6788c
- `@babel/cli`, `@babel/core`, `@babel/eslint-parser`, `@babel/plugin-transform-flow-strip-types`, `@babel/register`, `auto-changelog`, `eslint-plugin-import`, `tape` 518a77e
- `es-iterator-helpers`, `string.prototype.includes` eed03a3
- 2ee940c
- a262131
- `aria-query` e517937
v6.10.0
Fixed
- `label-has-associated-control`: add additional error message #1005
- `label-has-associated-control`: ignore undetermined label text #966
Commits
- a284cbf
- deac4fd
- `attributes` setting a1ee7f8
- 6cd1a70
- 74d5dec
- `@babel/cli`, `@babel/core`, `@babel/eslint-parser`, `@babel/plugin-transform-flow-strip-types` 6eca235
- 0be7ea9
- `npm audit` instead of `aud` 05a5e49
- `axobject-query` 912e98c
- `axobject-query` 75147aa
- `axe-core` 27ff7cb
- ce846e0
- cca288b
jsx-eslint/eslint-plugin-react (eslint-plugin-react)
v7.37.2
Fixed
- `destructuring-assignment`: fix false negative when using `typeof props.a` (#3835 @golopot)
Changed
- `destructuring-assignment`: use `getParentStatelessComponent` (#3835 @golopot)
v7.37.1
Fixed
- `d.ts` files (#3836 @ljharb)
Changed
v7.37.0
Added
- `no-unescaped-entities`: add suggestions (#3831 @StyleShit)
- `forbid-component-props`: add `allowedForPatterns`/`disallowedForPatterns` options (#3805 @Efimenko)
- `no-unstable-nested-components`: add `propNamePattern` to support custom render prop naming conventions (#3826 @danreeves)
Changed
v7.36.1
Fixed
- `no-is-mounted`: fix logic in method name check (#3821 @Mathias-S)
- `jsx-no-literals`: Avoid crashing on valueless boolean props (#3823 @reosarevok)
v7.36.0
Added
- `no-string-refs`: allow this.refs in > 18.3.0 (#3807 @henryqdineen)
- `jsx-no-literals` Add `elementOverrides` option and the ability to ignore this rule on specific elements (#3812 @Pearce-Ropion)
- `forward-ref-uses-ref`: add rule for checking ref parameter is added ([#3667][] @NotWoods)
Fixed
- `function-component-definition`, `boolean-prop-naming`, `jsx-first-prop-new-line`, `jsx-props-no-multi-spaces`, `propTypes`: use type args (#3629 @HenryBrown0)
- `jsx-props-no-spreading`: add `explicitSpread` option to schema (#3799 @ljharb)
Changed
- `no-danger`: update broken link (#3817 @lucasrmendonca)
- `button-has-type`: add test case with spread (#3731 @y-hsgw)
v7.35.2
Fixed
- `jsx-curly-brace-presence`: avoid autofixing attributes with double quotes to a double quoted attribute ([#3814][] @ljharb)
Configuration
📅 Schedule: Branch creation - "every 3 months on the first day of the month" in timezone Europe/Stockholm, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.
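
The allowlist workaround described under CVE-2024-43796 above, sketched as an added example (not code from Express or from this PR). `safeRedirectTarget`, the origins, the path prefixes and the fallback are hypothetical names and constructed values.

```javascript
'use strict';

// Constructed allowlist: exact origins and local path prefixes the app may redirect to.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'https://login.example.com']);
const ALLOWED_LOCAL_PREFIXES = ['/dashboard', '/account'];
const FALLBACK = '/';

// Returns a value that passed the allowlist, or FALLBACK for anything else.
function safeRedirectTarget(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) return FALLBACK;
  // Control characters and backslashes are normalised differently by browsers and servers.
  if (/[\u0000-\u001f\u007f\\]/.test(input)) return FALLBACK;

  if (input.startsWith('/')) {
    // "//host" is protocol-relative, not a local path.
    if (input.startsWith('//')) return FALLBACK;
    // Resolve against a dummy base so dot segments are compared in normalised form.
    const local = new URL(input, 'http://local.invalid');
    if (local.origin !== 'http://local.invalid') return FALLBACK;
    const ok = ALLOWED_LOCAL_PREFIXES.some(
      (p) => local.pathname === p || local.pathname.startsWith(p + '/'));
    return ok ? local.pathname + local.search : FALLBACK;
  }

  // Absolute URL: must parse, be https, carry no userinfo, and match an allowed origin exactly.
  let url;
  try { url = new URL(input); } catch { return FALLBACK; }
  if (url.protocol !== 'https:' || url.username || url.password) return FALLBACK;
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;
  return url.href;
}
```

In a route handler the checked value is what gets passed on, for example `res.redirect(safeRedirectTarget(req.query.next))`, where the `next` query parameter is an assumed name.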