abortable-rx icon indicating copy to clipboard operation
abortable-rx copied to clipboard

Published 20 hours ago β€’ verified publisher icon felixfbecker

chore(deps): update dependency mixin-deep to 1.3.2 [security] - abandoned

Open renovate[bot] opened this issue 4 years ago β€’ 2 comments

Mend Renovate

This PR contains the following updates:

Package Change
mixin-deep 1.3.1 -> 1.3.2

GitHub Vulnerability Alerts

CVE-2019-10746

Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.

Recommendation

If you are using mixin-deep 2.x, upgrade to version 2.0.1 or later. If you are using mixin-deep 1.x, upgrade to version 1.3.2 or later.

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar May 09 '21 22:05 renovate[bot]

Codecov Report

:exclamation: No coverage uploaded for pull request base (master@0b60bfc). Click here to learn what that means. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##             master       #44   +/-   ##
==========================================
  Coverage          ?   100.00%           
==========================================
  Files             ?         1           
  Lines             ?        73           
  Branches          ?         8           
==========================================
  Hits              ?        73           
  Misses            ?         0           
  Partials          ?         0

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 0b60bfc...7aacf0a. Read the comment docs.

codecov[bot] avatar May 09 '21 22:05 codecov[bot]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

renovate[bot] avatar Mar 27 '23 17:03 renovate[bot]