Skip to content
This repository has been archived by the owner on Jun 17, 2022. It is now read-only.

Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #209

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #209

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 4, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change
webpack-subresource-integrity 1.4.1 -> 1.5.1

GitHub Vulnerability Alerts

CVE-2020-15262

Impact

All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.

Patches

This issue is patched in version 1.5.1.

Workarounds

N/A

References

https://github.com/waysact/webpack-subresource-integrity/issues/131

For more information

If you have any questions or comments about this advisory:

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 6 times, most recently from 52ac1be to b61d054 Compare March 10, 2021 23:04
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 3 times, most recently from 0113bf7 to 1b428ec Compare March 18, 2021 00:57
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from 0f152b5 to be5cc4f Compare March 24, 2021 20:10
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 5 times, most recently from 32fa3d1 to 0621a0a Compare April 1, 2021 02:31
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 3 times, most recently from 390cd1b to 7816760 Compare April 7, 2021 20:58
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 5 times, most recently from ca81d17 to 4fba7f2 Compare April 16, 2021 09:02
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 4 times, most recently from 2885fdb to f933977 Compare April 28, 2021 20:57
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch from f933977 to 040af6d Compare May 3, 2021 20:36
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from 6aeea36 to ef02e32 Compare November 16, 2021 19:53
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 3 times, most recently from 53577d3 to dddfac6 Compare November 23, 2021 23:28
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from 6505dee to 1fef7ab Compare November 30, 2021 05:03
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch from 1fef7ab to 1016417 Compare December 7, 2021 11:22
@renovate renovate bot changed the title Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] - autoclosed Dec 27, 2021
@renovate renovate bot closed this Dec 27, 2021
@renovate renovate bot deleted the renovate/npm-webpack-subresource-integrity-vulnerability branch December 27, 2021 21:13
@renovate renovate bot changed the title Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] - autoclosed Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] Dec 27, 2021
@renovate renovate bot reopened this Dec 27, 2021
@renovate renovate bot restored the renovate/npm-webpack-subresource-integrity-vulnerability branch December 27, 2021 23:02
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch from 1016417 to 9e9e46f Compare December 27, 2021 23:21
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from e99fa32 to fe09030 Compare January 13, 2022 06:00
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 6 times, most recently from daa94b2 to 236aaab Compare February 17, 2022 20:24
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from 22e80da to 375e2ca Compare March 4, 2022 08:57
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch 2 times, most recently from 9c4ec77 to a4262bd Compare March 24, 2022 03:24
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch from a4262bd to b41c747 Compare April 28, 2022 16:18
@renovate renovate bot force-pushed the renovate/npm-webpack-subresource-integrity-vulnerability branch from b41c747 to 5888495 Compare April 28, 2022 19:51
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependency-update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@renovate-bot