This repository has been archived by the owner on Jun 17, 2022. It is now read-only.
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #209
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-webpack-subresource-integrity-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #209
renovate
wants to merge
1
commit into
master
from
renovate/npm-webpack-subresource-integrity-vulnerability
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
6 times, most recently
from
March 10, 2021 23:04
52ac1be
to
b61d054
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
3 times, most recently
from
March 18, 2021 00:57
0113bf7
to
1b428ec
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
March 24, 2021 20:10
0f152b5
to
be5cc4f
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
5 times, most recently
from
April 1, 2021 02:31
32fa3d1
to
0621a0a
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
3 times, most recently
from
April 7, 2021 20:58
390cd1b
to
7816760
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
5 times, most recently
from
April 16, 2021 09:02
ca81d17
to
4fba7f2
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
4 times, most recently
from
April 28, 2021 20:57
2885fdb
to
f933977
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
from
May 3, 2021 20:36
f933977
to
040af6d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
November 16, 2021 19:53
6aeea36
to
ef02e32
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
3 times, most recently
from
November 23, 2021 23:28
53577d3
to
dddfac6
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
November 30, 2021 05:03
6505dee
to
1fef7ab
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
from
December 7, 2021 11:22
1fef7ab
to
1016417
Compare
renovate
bot
changed the title
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY]
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] - autoclosed
Dec 27, 2021
renovate
bot
deleted the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
December 27, 2021 21:13
renovate
bot
changed the title
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] - autoclosed
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY]
Dec 27, 2021
renovate
bot
restored the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
December 27, 2021 23:02
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
from
December 27, 2021 23:21
1016417
to
9e9e46f
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
January 13, 2022 06:00
e99fa32
to
fe09030
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
6 times, most recently
from
February 17, 2022 20:24
daa94b2
to
236aaab
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
March 4, 2022 08:57
22e80da
to
375e2ca
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
2 times, most recently
from
March 24, 2022 03:24
9c4ec77
to
a4262bd
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
from
April 28, 2022 16:18
a4262bd
to
b41c747
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-subresource-integrity-vulnerability
branch
from
April 28, 2022 19:51
b41c747
to
5888495
Compare
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.4.1
->1.5.1
GitHub Vulnerability Alerts
CVE-2020-15262
Impact
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Patches
This issue is patched in version 1.5.1.
Workarounds
N/A
References
https://github.com/waysact/webpack-subresource-integrity/issues/131
For more information
If you have any questions or comments about this advisory:
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled due to failing status checks.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.