geo.data.gouv.fr
geo.data.gouv.fr copied to clipboard
[Security] Bump eslint-utils from 1.3.1 to 1.4.3
Bumps eslint-utils from 1.3.1 to 1.4.3. This update includes security fixes.
Vulnerabilities fixed
Sourced from The GitHub Security Advisory Database.
Critical severity vulnerability that affects eslint-utils
'getStaticValue' function can execute arbitrary code
Impact
getStaticValue
function can execute arbitrary code.Patches
This problem has been patched in 1.4.1. Please update
eslint-utils
.Workarounds
Don't use
getStaticValue
function,getStringIfConstant
function, andgetPropertyName
function.For more information
If you have any questions or comments about this advisory:
- Open an issue in eslint-utils
Affected versions: >= 1.2.0 < 1.4.1
Sourced from The GitHub Security Advisory Database.
Critical severity vulnerability that affects eslint-utils
'getStaticValue' function can execute arbitrary code
Impact
getStaticValue
function can execute arbitrary code.Patches
This problem has been patched in 1.4.1. Please update
eslint-utils
.Workarounds
Don't use
getStaticValue
function,getStringIfConstant
function, andgetPropertyName
function.For more information
If you have any questions or comments about this advisory:
- Open an issue in eslint-utils
Affected versions: >= 1.2.0 < 1.4.1
Commits
-
23f4ddc
🔖 1.4.3 -
8f9e481
🐛 fix reference tracker false positive -
6633278
⚒ fix test scripts -
7c8e67c
⚒ fix build scripts -
41ff95e
⚒ update dependencies -
4942012
⚒ fix build scripts -
f1c8d02
⚒ update build scripts -
a88598a
Create FUNDING.yml -
4e1bc07
1.4.2 -
e4cb014
🐛 add null test - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language -
@dependabot badge me
will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Codecov Report
Merging #1009 into master will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## master #1009 +/- ##
======================================
Coverage 6.3% 6.3%
======================================
Files 118 118
Lines 1062 1062
======================================
Hits 67 67
Misses 995 995
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 923715b...f2d4454. Read the comment docs.
File name | Previous Size | New Size | Change |
---|---|---|---|
page-_error.js.gz | 185 bytes | 185 bytes | 0 bytes (0%) |
page-catalog.js.gz | 58.41 KB | 58.41 KB | 1 bytes (0%) |
page-catalogs.js.gz | 3.03 KB | 3.03 KB | 0 bytes (0%) |
page-dataset.js.gz | 18.98 KB | 18.98 KB | 0 bytes (0%) |
page-doc-publish-your-data.js.gz | 3.68 KB | 3.68 KB | 0 bytes (0%) |
page-doc.js.gz | 1.54 KB | 1.54 KB | 1 bytes (0%) |
page-events.js.gz | 2.24 KB | 2.24 KB | 0 bytes (0%) |
page-harvest.js.gz | 2.41 KB | 2.41 KB | 0 bytes (0%) |
page-index.js.gz | 5.11 KB | 5.11 KB | 0 bytes (0%) |
page-legal.js.gz | 816 bytes | 815 bytes | -1 bytes (0%) |
page-publication-datasets.js.gz | 5.1 KB | 5.1 KB | 0 bytes (0%) |
page-publication-organization.js.gz | 8.34 KB | 8.34 KB | 0 bytes (0%) |
page-publication-producers.js.gz | 4.56 KB | 4.56 KB | 0 bytes (0%) |
page-publication.js.gz | 3.32 KB | 3.32 KB | 1 bytes (0%) |
page-search.js.gz | 7.75 KB | 7.75 KB | 0 bytes (0%) |
page-doc-link-proxy.js.gz | 1.47 KB | 1.47 KB | 0 bytes (0%) |
page-embed-preview.js.gz | 5.78 KB | 5.78 KB | 1 bytes (0%) |
page-_app.js.gz | 2.37 KB | 2.37 KB | 0 bytes (0%) |
chunk-centered-map.[hash].js.gz | 177.84 KB | 177.84 KB | 0 bytes (0%) |
chunk-commons.[hash].js.gz | 136.33 KB | 136.33 KB | 0 bytes (0%) |
chunk-preview-table.[hash].js.gz | 12.81 KB | 12.81 KB | 0 bytes (0%) |
runtime-main-[hash].js.gz | 2.16 KB | 2.16 KB | -1 bytes (0%) |
runtime-webpack-[hash].js.gz | 1.2 KB | 1.2 KB | 0 bytes (0%) |