tds-core icon indicating copy to clipboard operation
tds-core copied to clipboard

Published 20 hours ago verified publisher icon telus

chore(deps): update dependency netmask to 2.0.1 [security]

Open renovate[bot] opened this issue 3 years ago • 5 comments

Mend Renovate

This PR contains the following updates:

Package Change
netmask 1.0.6 -> 2.0.1

GitHub Vulnerability Alerts

CVE-2021-29418

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.

CVE-2021-28918

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.

:exclamation: NOTE: The fix for this issue was incomplete. A subsequent fix was made in version 2.0.1 which was assigned CVE-2021-29418 / GHSA-pch5-whg9-qr2r. For complete protection from this vulnerability an upgrade to version 2.0.1 or later is recommended.

Configuration

📅 Schedule: Branch creation - "" in timezone America/Vancouver, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Nov 30 '21 22:11 renovate[bot]

Links:

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDSBot avatar Nov 30 '21 22:11 TDSBot

Links:

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDSBot avatar Dec 03 '21 09:12 TDSBot

Links:

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDSBot avatar Dec 03 '21 22:12 TDSBot

Links:

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDSBot avatar Dec 07 '21 05:12 TDSBot

Links:

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

github-actions[bot] avatar Jul 17 '22 04:07 github-actions[bot]