Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin dependency grunt to v0.4.5 [SECURITY] #13

Merged
merged 1 commit into from May 31, 2021
Merged

Pin dependency grunt to v0.4.5 [SECURITY] #13

merged 1 commit into from May 31, 2021

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 6, 2021
edited

WhiteSource Renovate

This PR contains the following updates:

Package Type Update Change
grunt (source) devDependencies pin ~0.4.1 -> 0.4.5

GitHub Vulnerability Alerts

CVE-2020-7729

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

馃搶 Important: Renovate will wait until you have merged this Pin PR before creating any upgrade PRs for the affected packages. Add the preset :preserveSemverRanges to your config if you instead don't wish to pin dependencies.

Configuration

馃搮 Schedule: "" (UTC).

馃殾 Automerge: Disabled by config. Please merge this manually once you are satisfied.

鈾伙笍 Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

馃敃 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 84d6c3f to 93c21df Compare May 6, 2021 21:27
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 6, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 93c21df to 327c4eb Compare May 7, 2021 08:36
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to 0.4.5 [SECURITY] May 7, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 327c4eb to 059a832 Compare May 7, 2021 15:59
@renovate renovate bot changed the title Pin dependency grunt to 0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 7, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 059a832 to 9af7e99 Compare May 8, 2021 15:18
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to 0.4.5 [SECURITY] May 8, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 9af7e99 to b429236 Compare May 8, 2021 16:50
@renovate renovate bot changed the title Pin dependency grunt to 0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 8, 2021
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Update dependency grunt to v1 [SECURITY] - autoclosed May 10, 2021
@renovate renovate bot closed this May 10, 2021
@renovate renovate bot deleted the renovate/npm-grunt-vulnerability branch May 10, 2021 02:34
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] - autoclosed Update dependency grunt to v1 [SECURITY] May 10, 2021
@renovate renovate bot restored the renovate/npm-grunt-vulnerability branch May 10, 2021 04:19
@renovate renovate bot reopened this May 10, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from b429236 to 0876b48 Compare May 10, 2021 04:19
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to 0.4.5 [SECURITY] May 10, 2021
@renovate renovate bot changed the title Pin dependency grunt to 0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 10, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch 2 times, most recently from aa8d840 to a0b7c5a Compare May 15, 2021 12:46
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 15, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from a0b7c5a to a9cbcee Compare May 15, 2021 13:59
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 15, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from a9cbcee to 8e6af31 Compare May 21, 2021 09:52
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 21, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 8e6af31 to 13a5217 Compare May 21, 2021 15:09
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 21, 2021
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 22, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 13a5217 to e4de0f8 Compare May 22, 2021 12:44
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from e4de0f8 to a4125b9 Compare May 22, 2021 13:36
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 22, 2021
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 26, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch 2 times, most recently from 8d4a7e9 to 1fc3333 Compare May 26, 2021 10:01
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 26, 2021
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 29, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 1fc3333 to d80bcab Compare May 29, 2021 19:43
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 29, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from d80bcab to 279eb56 Compare May 29, 2021 21:02
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 30, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 279eb56 to 8162f1f Compare May 30, 2021 04:01
@renovate renovate bot changed the title Pin dependency grunt to v0.4.5 [SECURITY] Update dependency grunt to v1 [SECURITY] May 30, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 8162f1f to 146bec9 Compare May 30, 2021 04:34
@renovate renovate bot changed the title Update dependency grunt to v1 [SECURITY] Pin dependency grunt to v0.4.5 [SECURITY] May 31, 2021
@renovate renovate bot force-pushed the renovate/npm-grunt-vulnerability branch from 146bec9 to c4edba3 Compare May 31, 2021 07:42
@ff6347 ff6347 merged commit b572f07 into master May 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ff6347 @renovate-bot