audit-check issues

[Security] Bump y18n from 4.0.0 to 4.0.3

Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Prototype Pollution Overview The npm package y18n before versions...

dependabot-preview[bot]

dependencies

security

[Security] Bump @actions/http-client from 1.0.6 to 1.0.11

Bumps [@actions/http-client](https://github.com/actions/http-client) from 1.0.6 to 1.0.11. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Http request which redirect to another hostname do not...

dependabot-preview[bot]

dependencies

security

question - resolving open issues

for vulnerabilities that have been solved, will the action close the issue or will I need to manually close them? Also will the action create duplicate issues each run or...

avnerbarr

link to relevant code that has the security flaw

1

Hi all, I'd like a way to link between the security issue which was found and the code which is "flawed". That will make it much easier to track down...

avnerbarr

enhancement

[Security] Bump ssri from 8.0.0 to 8.0.1

Bumps [ssri](https://github.com/npm/ssri) from 8.0.0 to 8.0.1. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) ssri 5.2.2-8.0.0, fixed...

dependabot-preview[bot]

dependencies

security

[Security] Bump lodash from 4.17.15 to 4.17.21

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Prototype Pollution in lodash Versions of lodash prior to 4.17.19...

dependabot-preview[bot]

dependencies

security

[Security] Bump ini from 1.3.5 to 1.3.8

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Prototype Pollution Overview The ini npm package before version 1.3.6...

dependabot-preview[bot]

dependencies

security

[Security] Bump npm-registry-fetch from 8.0.2 to 8.1.5

Bumps [npm-registry-fetch](https://github.com/npm/registry-fetch) from 8.0.2 to 8.1.5. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Sensitive information exposure through logs in npm-registry-fetch Affected versions...

dependabot-preview[bot]

dependencies

security

[Security] Bump @actions/core from 1.2.4 to 1.2.6

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.4 to 1.2.6. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Environment Variable Injection in GitHub Actions Impact The @actions/core...

dependabot-preview[bot]

dependencies

security

[Security] Bump node-fetch from 2.6.0 to 2.6.1

Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. The size option isn't honored after following a redirect...

dependabot-preview[bot]

dependencies

security

audit-check
audit-check copied to clipboard

Metadata

[Security] Bump y18n from 4.0.0 to 4.0.3

[Security] Bump @actions/http-client from 1.0.6 to 1.0.11

question - resolving open issues

link to relevant code that has the security flaw

[Security] Bump ssri from 8.0.0 to 8.0.1

[Security] Bump lodash from 4.17.15 to 4.17.21

[Security] Bump ini from 1.3.5 to 1.3.8

[Security] Bump npm-registry-fetch from 8.0.2 to 8.1.5

[Security] Bump @actions/core from 1.2.4 to 1.2.6

[Security] Bump node-fetch from 2.6.0 to 2.6.1

← Metadata

Owner

Metadata

audit-check audit-check copied to clipboard

Metadata

← Metadata

Owner

Metadata

audit-check
audit-check copied to clipboard