Build(deps): [security] bump http-cache-semantics from 4.1.0 to 4.1.1 #917

Merged
argoyle merged 1 commits from dependabot-npm_and_yarn-http-cache-semantics-4.1.1 into master 2023-02-09 08:30:14 +00:00
argoyle commented 2023-02-03 04:44:40 +00:00 (Migrated from gitlab.com)

Bumps http-cache-semantics from 4.1.0 to 4.1.1. This update includes a security fix.

Vulnerabilities fixed

http-cache-semantics vulnerable to Regular Expression Denial of Service

http-cache semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Patched versions: 4.1.1
Affected versions: < 4.1.1

Commits

  • 2449650 Update mocha
  • 560b2d8 Don't use regex to trim whitespace
  • b1bdb92 Remove linting package zoo
  • c20dc7e Cache 308
  • See full diff in compare view: https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
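The advisory in the description above attributes the denial of service to an inefficient regular expression, and the upstream commit list names the fix as "Don't use regex to trim whitespace". As an added illustration (not code from http-cache-semantics or from this merge request), the JavaScript below puts a header parser that trims whitespace inside its separator regex next to one that splits on literal separators and trims with `String.prototype.trim()`; the patterns, function names and sample headers are constructed for the example.

```javascript
// Added illustration, not http-cache-semantics source. Both parsers read a
// Cache-Control style header into { directive: value }.

// Regex form: the separator pattern also eats surrounding whitespace. On a long
// whitespace run that is not followed by a separator, \s* is retried from every
// offset and backtracks each time, so the work grows quadratically.
function parseWithRegexTrim(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.trim().split(/\s*,\s*/)) {
    const [k, v] = part.split(/\s*=\s*/, 2);
    if (k) out[k] = v === undefined ? true : v.replace(/^"|"$/g, '');
  }
  return out;
}

// Hardened form: split on the literal separators and let String.prototype.trim()
// remove whitespace, which is a single linear pass per piece.
function parseWithoutRegexTrim(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(',')) {
    const eq = part.indexOf('=');
    const k = (eq === -1 ? part : part.slice(0, eq)).trim();
    if (!k) continue;
    out[k] = eq === -1 ? true : part.slice(eq + 1).trim().replace(/^"|"$/g, '');
  }
  return out;
}

// Wall-clock time of one parse, in milliseconds.
function timeMs(parser, header) {
  const start = Date.now();
  parser(header);
  return Date.now() - start;
}

// Constructed inputs: an ordinary header and a whitespace-padded regression case.
const ordinary = 'public , max-age=600,  no-transform, private="set-cookie"';
const padded = 'max-age' + ' '.repeat(5000) + '60';

console.log(parseWithoutRegexTrim(ordinary));
console.log('regex trim ms:', timeMs(parseWithRegexTrim, padded));
console.log('plain trim ms:', timeMs(parseWithoutRegexTrim, padded));
```

Both functions return the same object for the ordinary header; only the time spent on the padded one differs, and the gap widens as the padding grows.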
argoyle commented 2023-02-09 08:17:46 +00:00 (Migrated from gitlab.com)

added 4 commits

  • 256f4cb0...734efc2a - 3 commits from branch master
  • 79ac5626 - Build(deps): [security] bump http-cache-semantics from 4.1.0 to 4.1.1

Compare with previous version

argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2023-02-09 08:17:56 +00:00
argoyle (Migrated from gitlab.com) merged commit into master 2023-02-09 08:30:14 +00:00