haystack

haystack copied to clipboard

Update dependency async to 2.6.4 [SECURITY] - abandoned

1

[](https://renovatebot.com) This PR contains the following updates: | Package | Change | |---|---| | async | [`2.6.3` -> `2.6.4`](https://renovatebot.com/diffs/npm/async/2.6.3/2.6.4) | ### GitHub Vulnerability Alerts #### [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) A vulnerability exists...

renovate[bot]

Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.0.7 to 1.1.1. Changelog Sourced from eventsource's changelog. 1.1.1 Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal) 1.1.0 Improve performance...

dependabot[bot]

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...

dependabot[bot]

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependabot[bot]

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...

dependabot[bot]

Bumps [prismjs](https://github.com/PrismJS/prism) from 1.21.0 to 1.27.0. Release notes Sourced from prismjs's releases. v1.27.0 Release 1.27.0 v1.26.0 Release 1.26.0 v1.25.0 Release 1.25.0 v1.24.1 Release 1.24.1 v1.24.0 Release 1.24.0 v1.23.0 Release 1.23.0...

dependabot[bot]

Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.8.4 to 0.8.5. Release notes Sourced from shelljs's releases. v0.8.5 This was a small security fix for #1058. Commits 70668a4 0.8.5 d919d22 fix(exec): lockdown file permissions (#1060)...

dependabot[bot]

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [set-getter](https://github.com/doowb/set-getter) from 0.1.0 to 0.1.1. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.32 to 7.0.36. Release notes Sourced from postcss's releases. 7.0.36 Backport ReDoS vulnerabilities from PostCSS 8. 7.0.35 Add migration guide link to PostCSS 8 error text. 7.0.34...

dependabot[bot]