New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #646
Update dependency webpack-subresource-integrity to 1.5.1 [SECURITY] #646
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR diff size of 35870 lines exceeds the maximum allowed for the inline comments feature.
Codecov Report
@@ Coverage Diff @@
## master #646 +/- ##
=======================================
Coverage 36.06% 36.06%
=======================================
Files 3 3
Lines 61 61
Branches 8 8
=======================================
Hits 22 22
Misses 39 39 Continue to review full report at Codecov.
|
c820c5e
to
cae754c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR diff size of 35870 lines exceeds the maximum allowed for the inline comments feature.
cae754c
to
4649350
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR diff size of 35880 lines exceeds the maximum allowed for the inline comments feature.
4649350
to
0c3ab47
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR diff size of 35880 lines exceeds the maximum allowed for the inline comments feature.
Code Climate has analyzed commit 0c3ab47 and detected 0 issues on this pull request. View more on Code Climate. |
Renovate Ignore NotificationAs this PR has been closed unmerged, Renovate will now ignore this update (1.5.1). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened. |
This PR contains the following updates:
1.1.0-rc.6
->1.5.1
1.1.0-rc.4
->1.5.1
GitHub Vulnerability Alerts
CVE-2020-15262
Impact
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Patches
This issue is patched in version 1.5.1.
Workarounds
N/A
References
waysact/webpack-subresource-integrity#131
For more information
If you have any questions or comments about this advisory:
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by WhiteSource Renovate. View repository job log here.