sql-source-control
sql-source-control copied to clipboard
chore(deps): update dependency shelljs to 0.8.5 [security] - abandoned
This PR contains the following updates:
Package | Change |
---|---|
shelljs | 0.8.4 -> 0.8.5 |
GitHub Vulnerability Alerts
GHSA-64g7-mvw6-v9qj
Impact
Output from the synchronous version of shell.exec()
may be visible to other users on the same system. You may be affected if you execute shell.exec()
in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec()
as the root user.
Other shelljs functions (including the asynchronous version of shell.exec()
) are not impacted.
Patches
Patched in shelljs 0.8.5
Workarounds
Recommended action is to upgrade to 0.8.5.
References
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
For more information
If you have any questions or comments about this advisory:
- Ask at https://github.com/shelljs/shelljs/issues/1058
- Open an issue at https://github.com/shelljs/shelljs/issues/new
CVE-2022-0144
shelljs is vulnerable to Improper Privilege Management
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.