devand

DevAndDev helps developers find pair-programming partners.

Results 59 devand issues

> Lenient `hyper` header parsing of `Content-Length` could allow request smuggling
>
> | Details | |
> | --- | --- |
> | Package | `hyper` |
> | Version | `0.10.16` |...

> Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
>
> | Details | |
> | --- | --- |
> | Package | `hyper` |
> | Version...

> XSS in `comrak`
>
> | Details | |
> | --- | --- |
> | Package | `comrak` |
> | Version | `0.7.0` |
> | URL | [https://github.com/kivikakk/comrak/releases/tag/0.10.1](https://github.com/kivikakk/comrak/releases/tag/0.10.1) |
> | Date...

> XSS in `comrak`
>
> | Details | |
> | --- | --- |
> | Package | `comrak` |
> | Version | `0.7.0` |
> | URL | [https://github.com/kivikakk/comrak/releases/tag/0.9.1](https://github.com/kivikakk/comrak/releases/tag/0.9.1) |
> | Date...

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...

dependencies

The workflow devand-web-builder-docker.yml is referencing action actions/checkout using reference v1. However, this reference is missing the commit [a6747255bd19d7a757dbdda8c654a9f84db19839](https://github.com/actions/checkout/commits/a6747255bd19d7a757dbdda8c654a9f84db19839), which may contain a fix for some vulnerability. The vulnerability fix that...

Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2. Commits See full diff in compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=6.2.1&new-version=6.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependencies

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependencies

Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2. Changelog Sourced from ssri's changelog. 6.0.2 (2021-04-07) Bug Fixes backport regex change from 8.0.1 (b30dfdb), closes #19 Commits b7c8c7c chore(release): 6.0.2 b30dfdb fix: backport...

dependencies