Build(deps): [security] bump @sideway/formula from 3.0.0 to 3.0.1 #1159

Merged
argoyle merged 1 commits from dependabot-npm_and_yarn-sideway-formula-3.0.1 into master 2023-05-09 05:09:55 +00:00
argoyle commented 2023-05-08 19:37:08 +00:00 (Migrated from gitlab.com)

Bumps @sideway/formula from 3.0.0 to 3.0.1. This update includes a security fix.

Vulnerabilities fixed

@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability

Impact

User-provided strings to formula's parser might lead to polynomial execution time.

Patches

Users should upgrade to 3.0.1+.

Workarounds

None.

Patched versions: 3.0.1
Affected versions: < 3.0.1

Commits

  • 5b44c1b 3.0.1 (https://github.com/hapijs/formula/commit/5b44c1bffc38135616fb91d5ad46eaf64f03d23b)
  • 9fbc20a chore: better number regex (https://github.com/hapijs/formula/commit/9fbc20a02d75ae809c37a610a57802cd1b41b3fe)
  • 41ae98e Cleanup (https://github.com/hapijs/formula/commit/41ae98e0421913b100886adb0107a25d552d9e1a)
  • c59f35e Move to Sideway (https://github.com/hapijs/formula/commit/c59f35ec401e18cead10e0cedfb44291517610b1)
  • See full diff in compare view (https://github.com/sideway/formula/compare/v3.0.0...v3.0.1)

Maintainer changes

This version was pushed to npm by marsup (https://www.npmjs.com/~marsup), a new releaser for @sideway/formula since your current version.

Dependabot commands

You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
argoyle commented 2023-05-09 05:09:42 +00:00 (Migrated from gitlab.com)

added 4 commits

  • a353d850...d2b74353 - 3 commits from branch master
  • 7fc5ca98 - Build(deps): [security] bump @sideway/formula from 3.0.0 to 3.0.1

Compare with previous version

argoyle (Migrated from gitlab.com) merged commit into master 2023-05-09 05:09:55 +00:00