chore(deps): update dependency xml2js to ^0.5.0 [security] #101

renovate · 2023-04-11T05:30:53Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
xml2js	`^0.4.23` -> `^0.5.0`

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts

CVE-2023-0842

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Release Notes

Leonidas-from-XIV/node-xml2js (xml2js)

`v0.5.0`

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2023-04-11T05:31:57Z

Coverage report

St.^❔	Category	Percentage	Covered / Total
🔴	Statements	0%	0/380
🔴	Branches	0%	0/187
🔴	Functions	0%	0/107
🔴	Lines	0%	0/379

Test suite run success

0 tests passing in 1 suite.

Report generated by 🧪jest coverage report action from dc486f0

renovate bot added the renovate label Apr 11, 2023

renovate bot force-pushed the renovate/npm-xml2js-vulnerability branch 3 times, most recently from 45d9af3 to 6f32de0 Compare April 18, 2023 01:38

renovate bot changed the title ~~chore(deps): update dependency xml2js to ^0.5.0 [security]~~ chore(deps): update dependency xml2js to ^0.5.0 [security] - autoclosed May 16, 2023

renovate bot closed this May 16, 2023

renovate bot deleted the renovate/npm-xml2js-vulnerability branch May 16, 2023 01:52

renovate bot changed the title ~~chore(deps): update dependency xml2js to ^0.5.0 [security] - autoclosed~~ chore(deps): update dependency xml2js to ^0.5.0 [security] May 16, 2023

renovate bot reopened this May 16, 2023

renovate bot restored the renovate/npm-xml2js-vulnerability branch May 16, 2023 05:10

renovate bot force-pushed the renovate/npm-xml2js-vulnerability branch from 6f32de0 to 2fb4a58 Compare May 16, 2023 05:10

renovate bot changed the title ~~chore(deps): update dependency xml2js to ^0.5.0 [security]~~ chore(deps): update dependency xml2js to ^0.5.0 [security] - autoclosed Feb 23, 2024

renovate bot closed this Feb 23, 2024

renovate bot deleted the renovate/npm-xml2js-vulnerability branch February 23, 2024 22:51

renovate bot changed the title ~~chore(deps): update dependency xml2js to ^0.5.0 [security] - autoclosed~~ chore(deps): update dependency xml2js to ^0.5.0 [security] Feb 24, 2024

renovate bot reopened this Feb 24, 2024

renovate bot restored the renovate/npm-xml2js-vulnerability branch February 24, 2024 01:08

chore(deps): update dependency xml2js to ^0.5.0 [security]

dc486f0

renovate bot force-pushed the renovate/npm-xml2js-vulnerability branch from 2fb4a58 to dc486f0 Compare February 24, 2024 01:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency xml2js to ^0.5.0 [security] #101

chore(deps): update dependency xml2js to ^0.5.0 [security] #101

renovate bot commented Apr 11, 2023 •

edited

Loading

github-actions bot commented Apr 11, 2023 •

edited

Loading

chore(deps): update dependency xml2js to ^0.5.0 [security] #101

Are you sure you want to change the base?

chore(deps): update dependency xml2js to ^0.5.0 [security] #101

Conversation

renovate bot commented Apr 11, 2023 • edited Loading

GitHub Vulnerability Alerts

CVE-2023-0842

Release Notes

v0.5.0

Configuration

github-actions bot commented Apr 11, 2023 • edited Loading

Coverage report

Test suite run success

renovate bot commented Apr 11, 2023 •

edited

Loading

`v0.5.0`

github-actions bot commented Apr 11, 2023 •

edited

Loading