dds.mil

The website of the Defense Digital Service.

Results 71 dds.mil issues

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] utils.merge: avoid a crash with a null target and a truthy...

dependencies
javascript

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...

dependencies
javascript

Bumps [engine.io](https://github.com/socketio/engine.io) and [socket.io](https://github.com/socketio/socket.io). These dependencies needed to be updated together. Updates `engine.io` from 3.4.2 to 3.6.1 Release notes Sourced from engine.io's releases. 3.6.1 :warning: This release contains an important...

dependencies
javascript

Bumps [loader-utils](https://github.com/webpack/loader-utils) to 1.4.2 and updates ancestor dependency [gatsby-plugin-netlify-cms](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-netlify-cms). These dependencies need to be updated together. Updates `loader-utils` from 1.4.0 to 1.4.2 Release notes Sourced from loader-utils's releases. v1.4.2 1.4.2...

dependencies
javascript

Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) from 3.3.0 to 3.3.3. Release notes Sourced from socket.io-parser's releases. 3.3.2 Bug Fixes prevent DoS (OOM) via massive packets (#95) (89197a0) Links Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2 3.3.1 Links Diff: https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1...

dependencies
javascript

`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function. **CVE-2021-23337** `7.2 / 10` CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed...

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as `{"foo": /1"/, "bar": "a\"@__R--0__@"}` was serialized as `{"foo": /1"/,...

A buffer over-read vulnerability exists in bl

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. **CVE-2020-28481** `Severity Moderate` GHSA-fxwf-4rqh-v8g3