Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #646

Closed
wants to merge 1 commit into from
Closed

Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #646

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 29, 2021

WhiteSource Renovate

This PR contains the following updates:

Package Change
webpack-subresource-integrity 1.1.0-rc.6 -> 1.5.1
webpack-subresource-integrity 1.1.0-rc.4 -> 1.5.1

GitHub Vulnerability Alerts

CVE-2020-15262

Impact

All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.

Patches

This issue is patched in version 1.5.1.

Workarounds

N/A

References

waysact/webpack-subresource-integrity#131

For more information

If you have any questions or comments about this advisory:

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

codeclimate[bot]
codeclimate bot reviewed Jun 29, 2021
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 35870 lines exceeds the maximum allowed for the inline comments feature.

@codecov
Copy link

codecov bot commented Jun 29, 2021
edited

Codecov Report

Merging #646 (4649350) into master (3a21790) will not change coverage.
The diff coverage is n/a.

❗ Current head 4649350 differs from pull request most recent head 0c3ab47. Consider uploading reports for the commit 0c3ab47 to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##           master     #646   +/-   ##
=======================================
  Coverage   36.06%   36.06%           
=======================================
  Files           3        3           
  Lines          61       61           
  Branches        8        8           
=======================================
  Hits           22       22           
  Misses         39       39

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3a21790...0c3ab47. Read the comment docs.

@renovate renovate bot force-pushed the renovate/root/npm-webpack-subresource-integrity-vulnerability branch from c820c5e to cae754c Compare June 29, 2021 10:52
codeclimate[bot]
codeclimate bot reviewed Jun 29, 2021
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 35870 lines exceeds the maximum allowed for the inline comments feature.

@renovate renovate bot force-pushed the renovate/root/npm-webpack-subresource-integrity-vulnerability branch from cae754c to 4649350 Compare July 7, 2021 07:40
codeclimate[bot]
codeclimate bot reviewed Jul 7, 2021
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 35880 lines exceeds the maximum allowed for the inline comments feature.

@renovate renovate bot force-pushed the renovate/root/npm-webpack-subresource-integrity-vulnerability branch from 4649350 to 0c3ab47 Compare July 7, 2021 07:46
codeclimate[bot]
codeclimate bot reviewed Jul 7, 2021
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 35880 lines exceeds the maximum allowed for the inline comments feature.

@codeclimate
Copy link

codeclimate bot commented Jul 7, 2021

Code Climate has analyzed commit 0c3ab47 and detected 0 issues on this pull request.

View more on Code Climate.

@satanTime satanTime closed this Jul 7, 2021
@renovate
Copy link
Contributor Author

renovate bot commented Jul 7, 2021

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (1.5.1). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

@renovate renovate bot deleted the renovate/root/npm-webpack-subresource-integrity-vulnerability branch July 7, 2021 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeclimate codeclimate[bot] codeclimate left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@satanTime @renovate-bot