Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency find-my-way to v8.2.2 [security] #11585

Merged
merged 1 commit into from
Sep 18, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 18, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
find-my-way 8.2.0 -> 8.2.2 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-45813

Impact

A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-.

Patches

Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions.

Workarounds

No known workarounds.

References


Release Notes

delvedor/find-my-way (find-my-way)

v8.2.2

Compare Source

⚠️ Security Release ⚠️

Fixes: GHSA-rrr8-f88r-h8q6 CVE-2024-45813

Full Changelog: delvedor/find-my-way@v8.2.0...v8.2.2

v8.2.1

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) September 18, 2024 16:24
@Josh-Walker-GM Josh-Walker-GM self-assigned this Sep 18, 2024
@Josh-Walker-GM Josh-Walker-GM added changesets-ok Override the changesets check release:dependency This PR only updates dependencies labels Sep 18, 2024
@Josh-Walker-GM Josh-Walker-GM added this to the next-release milestone Sep 18, 2024
@renovate renovate bot merged commit 09c2f06 into main Sep 18, 2024
53 of 58 checks passed
@renovate renovate bot deleted the renovate/npm-find-my-way-vulnerability branch September 18, 2024 16:42
Josh-Walker-GM pushed a commit that referenced this pull request Sep 19, 2024
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [find-my-way](https://redirect.github.com/delvedor/find-my-way) |
[`8.2.0` ->
`8.2.2`](https://renovatebot.com/diffs/npm/find-my-way/8.2.0/8.2.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/find-my-way/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/find-my-way/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/find-my-way/8.2.0/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/find-my-way/8.2.0/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[CVE-2024-45813](https://redirect.github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6)

### Impact

A bad regular expression is generated any time you have two parameters
within a single segment, when adding a `-` at the end, like `/:a-:b-`.

### Patches

Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions.

### Workarounds

No known workarounds.

### References

-
[CVE-2024-45296](https://redirect.github.com/advisories/GHSA-9wv6-86v2-598j)
- [Detailed blog post about `path-to-regexp`
vulnerability](https://blakeembrey.com/posts/2024-09-web-redos/)

---

### Release Notes

<details>
<summary>delvedor/find-my-way (find-my-way)</summary>

###
[`v8.2.2`](https://redirect.github.com/delvedor/find-my-way/releases/tag/v8.2.2)

[Compare
Source](https://redirect.github.com/delvedor/find-my-way/compare/186c7db33c6c6aaf4e8e68199722e217bdd69337...v8.2.2)

⚠️ Security Release ⚠️

Fixes:
GHSA-rrr8-f88r-h8q6
CVE-2024-45813

**Full Changelog**:
delvedor/find-my-way@v8.2.0...v8.2.2

###
[`v8.2.1`](https://redirect.github.com/delvedor/find-my-way/compare/v8.2.0...186c7db33c6c6aaf4e8e68199722e217bdd69337)

[Compare
Source](https://redirect.github.com/delvedor/find-my-way/compare/v8.2.0...186c7db33c6c6aaf4e8e68199722e217bdd69337)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
changesets-ok Override the changesets check release:dependency This PR only updates dependencies
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

1 participant