Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency webpack-subresource-integrity to 1.5.1 [security] #797

Closed
wants to merge 1 commit into from
Closed

chore(deps): update dependency webpack-subresource-integrity to 1.5.1 [security] #797

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 3, 2021

WhiteSource Renovate

This PR contains the following updates:

Package Change
webpack-subresource-integrity 1.1.0-rc.6 -> 1.5.1

GitHub Vulnerability Alerts

CVE-2020-15262

Impact

All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.

Patches

This issue is patched in version 1.5.1.

Workarounds

N/A

References

waysact/webpack-subresource-integrity#131

For more information

If you have any questions or comments about this advisory:

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

codeclimate[bot]
codeclimate bot reviewed Jul 3, 2021
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 9686 lines exceeds the maximum allowed for the inline comments feature.

@satanTime satanTime closed this Jul 3, 2021
@renovate
Copy link
Contributor Author

renovate bot commented Jul 3, 2021

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (1.5.1). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

@renovate renovate bot deleted the renovate/root/npm-webpack-subresource-integrity-vulnerability branch July 3, 2021 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeclimate codeclimate[bot] codeclimate left review comments

@getsaf getsaf Awaiting requested review from getsaf getsaf is a code owner

@ike18t ike18t Awaiting requested review from ike18t ike18t is a code owner

@satanTime satanTime Awaiting requested review from satanTime satanTime is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@satanTime @renovate-bot