Josephong.me

Josephong.me copied to clipboard

Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.15. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization Impact...

dependabot-preview[bot]

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.3. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Path reaversal in url-parse url-parse before 1.5.0 mishandles certain...

dependabot-preview[bot]

Bumps [mocha](https://github.com/mochajs/mocha) from 4.1.0 to 9.0.3. Release notes Sourced from mocha's releases. v9.0.3 9.0.3 / 2021-07-25 :bug: Fixes #4702: Error rethrow from cwd-relative path while loading .mocharc.js (@​kirill-golovan) #4688: Usage...

dependabot-preview[bot]

Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.2 to 1.19.7. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Hostname spoofing via backslashes in URL Impact If using affected...

dependabot-preview[bot]

Upgrade to GitHub-native Dependabot

1

_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...

dependabot-preview[bot]

Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Potential memory exposure in dns-packet This affects the package...

dependabot-preview[bot]

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in hosted-git-info The npm...

dependabot-preview[bot]

Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Prototype Pollution Overview The npm package y18n before versions...

dependabot-preview[bot]

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.1 to 6.5.4. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Signature Malleabillity in elliptic The Elliptic package before version...

dependabot-preview[bot]