fix(deps): update dependency url-parse to v1.5.6 [security] #20270
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
requested review from
jennifer-shehane
and removed request for
a team
|
See the guidelines for reviewing dependency updates for info on how to review dependency update PRs. |
|
Test summary
Run details
View run in Cypress Dashboard ➡️ Flakiness
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard |
||||||||||||||||||||||||||
renovate
bot
force-pushed
the
renovate/npm-url-parse-vulnerability
branch
2 times, most recently
from
3c8041e
to
fd20d00
Compare
renovate
bot
force-pushed
the
renovate/npm-url-parse-vulnerability
branch
from
fd20d00
to
fb444ae
Compare
jennifer-shehane
approved these changes
Feb 21, 2022
tgriesser
added a commit
that referenced
this pull request
Feb 22, 2022
* develop: (35 commits) fix(deps): update dependency url-parse to v1.5.6 [security] (#20270) chore: fix cache keys to include PLATFORM (#20279) chore: fix server performance flake (#20271) test(system-tests): support docker-based tests against built binary (#20250) chore: fix system-test-firefox screenshots_spec flake (#20268) chore(deps): update dependency fs-extra to v9 🌟 (#19939) fix: Wait for child process to be ready (#19792) fix: treat form-data bodies as binary (#20144) test: replace cypress-test-example-repos coverage + remove bump (#20186) fix(driver): update wrapErr to ignore number and boolean values (#20172) release 9.5.0 [skip ci] chore: Update Chrome (stable) to 98.0.4758.102 (#20192) chore: enable volar.takeOverMode Add span names, merge develop fix: Update `.type(' ')` to not emit clicks when the keyup event has been prevented (#20156) test: remove redundant "other projects" CI jobs (#20133) chore(driver): move cy.focused and cy.root into their own files (#20054) Move sending root event to own script chore: release @cypress/vue-v3.1.1 chore: release @cypress/react-v5.12.3 ...
mschile
added a commit
that referenced
this pull request
Feb 23, 2022
commit fc7149e Merge: 0e942ed 0143e13 Author: Chris Breiding <chrisbreiding@gmail.com> Date: Wed Feb 23 10:28:34 2022 -0500 Merge branch 'develop' into feature-multidomain commit 0e942ed Author: Chris Breiding <chrisbreiding@users.noreply.github.com> Date: Wed Feb 23 10:28:03 2022 -0500 chore: Refactor multi-domain communication lifecycle (#20247) commit 0143e13 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Mon Feb 21 23:01:35 2022 +0000 fix(deps): update dependency url-parse to v1.5.6 [security] (#20270) Co-authored-by: Renovate Bot <bot@renovateapp.com> commit 1fb16b0 Author: Zach Bloomquist <git@chary.us> Date: Sun Feb 20 16:22:08 2022 -0500 chore: fix cache keys to include PLATFORM (#20279) * chore: fix cache keys to include PLATFORM * build this branch * try using platform_key commit 65ea8f7 Author: Ryan Manuel <ryanm@cypress.io> Date: Fri Feb 18 17:57:34 2022 -0600 chore: fix server performance flake (#20271) commit ad2f4de Author: Zach Bloomquist <git@chary.us> Date: Fri Feb 18 18:37:22 2022 -0500 test(system-tests): support docker-based tests against built binary (#20250) Co-authored-by: Ryan Manuel <ryanm@cypress.io> commit 75c8750 Author: Ryan Manuel <ryanm@cypress.io> Date: Fri Feb 18 12:54:26 2022 -0600 chore: fix system-test-firefox screenshots_spec flake (#20268) commit 8d28261 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Fri Feb 18 10:33:27 2022 -0600 chore(deps): update dependency fs-extra to v9 🌟 (#19939) Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Emily Rohrbough <emilyrohrbough@users.noreply.github.com> Co-authored-by: David Munechika <david@cypress.io> commit ad50062 Author: Johannes Ewald <mail@johannesewald.de> Date: Thu Feb 17 19:21:08 2022 +0100 fix: Wait for child process to be ready (#19792) Co-authored-by: Zach Bloomquist <github@chary.us> Co-authored-by: Zach Bloomquist <git@chary.us> commit 0d3e645 Author: Marco Lauinger <marco.lauinger@gmail.com> Date: Thu Feb 17 19:20:33 2022 +0100 fix: treat form-data bodies as binary (#20144) commit 42b0fce Author: Zach Bloomquist <git@chary.us> Date: Wed Feb 16 13:53:04 2022 -0500 test: replace cypress-test-example-repos coverage + remove bump (#20186) commit e55974c Merge: f84bac5 ce956de Author: Blue F <blue@cypress.io> Date: Wed Feb 16 09:47:06 2022 -0800 Merge pull request #20079 from cypress-io/issue-19403-perf-reporter-changes chore: Performance reporter changes commit f84bac5 Author: Ali Kireçligöl <alikirecligol@gmail.com> Date: Wed Feb 16 20:22:57 2022 +0300 fix(driver): update wrapErr to ignore number and boolean values (#20172) Co-authored-by: Emily Rohrbough <emilyrohrbough@users.noreply.github.com> commit 1e6f51a Author: BlueWinds <blue@everblue.info> Date: Tue Feb 15 10:18:49 2022 -0800 release 9.5.0 [skip ci] commit 507b96f Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue Feb 15 06:35:08 2022 -0600 chore: Update Chrome (stable) to 98.0.4758.102 (#20192) Co-authored-by: cypress-bot[bot] <2f0651858c6e38e0+cypress-bot[bot]@users.noreply.github.com> commit e8d7120 Merge: dff45ca bb26e98 Author: BlueWinds <blue@everblue.info> Date: Mon Feb 14 14:15:27 2022 -0800 Merge remote-tracking branch 'origin/master' into develop commit dff45ca Merge: a3f0d63 2bad703 Author: Blue F <blue@cypress.io> Date: Mon Feb 14 12:59:52 2022 -0800 Merge pull request #20142 from cypress-io/9b967e06f5-master-into-develop chore: merge master (9b967e0) into develop commit 2bad703 Merge: 9b967e0 a3f0d63 Author: Blue F <blue@cypress.io> Date: Mon Feb 14 12:26:14 2022 -0800 Merge branch 'develop' into 9b967e0-master-into-develop commit ce956de Author: BlueWinds <blue@everblue.info> Date: Mon Feb 14 08:21:15 2022 -0800 Add span names, merge develop commit ac1faf4 Merge: 961e764 2c88f0c Author: BlueWinds <blue@everblue.info> Date: Mon Feb 14 08:19:17 2022 -0800 Merge remote-tracking branch 'origin/develop' into issue-19403-perf-reporter-changes commit 961e764 Author: BlueWinds <blue@everblue.info> Date: Thu Feb 10 14:21:44 2022 -0800 Move sending root event to own script commit bb26e98 Author: semantic-release-bot <semantic-release-bot@martynus.net> Date: Thu Feb 10 15:16:39 2022 -0500 chore: release @cypress/vue-v3.1.1 [skip ci] commit 6a96ca5 Author: semantic-release-bot <semantic-release-bot@martynus.net> Date: Thu Feb 10 15:16:23 2022 -0500 chore: release @cypress/react-v5.12.3 [skip ci] commit 9b967e0 Author: Lachlan Miller <lachlan.miller.1990@outlook.com> Date: Thu Feb 10 16:26:20 2022 +1000 fix: set correct default when using react-scripts plugin (#20141) commit e709184 Merge: e0bf811 97e6c14 Author: Barthélémy Ledoux <bart@cypress.io> Date: Wed Feb 9 20:03:05 2022 -0600 Merge pull request #20132 from cypress-io/elevatebart/trigger-vue-release commit 97e6c14 Author: ElevateBart <ledouxb@gmail.com> Date: Wed Feb 9 17:52:38 2022 -0600 fix: create a dummy commit to trigger release commit fa0b68a Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 14:50:04 2022 -0800 Fix path commit f7c46fc Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 14:35:00 2022 -0800 Refactor async data into more convenient helper commit 57decf4 Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 13:21:57 2022 -0800 Include honeycomb key so we can send root event commit 3cf4a2b Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 12:55:50 2022 -0800 Reduce event duplication commit 9d433c7 Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 12:50:24 2022 -0800 Send root honeycomb event even if node_modules cache already exists commit 705262f Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 10:48:17 2022 -0800 Fix commit b9c0d5e Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 10:37:52 2022 -0800 fix indentation commit f694bd2 Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 10:33:15 2022 -0800 Another attempt to wrap all events into one trace commit 5e96b5c Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 09:52:17 2022 -0800 Attepmt to associate all circleci jobs for a given build into one trace commit 980b951 Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 09:34:59 2022 -0800 Tweak honeycomb events further commit b8f1b4f Merge: 0d834bc 52ed6ed Author: BlueWinds <blue@everblue.info> Date: Tue Feb 8 09:12:20 2022 -0800 Merge remote-tracking branch 'origin/develop' into issue-19403-perf-reporter-changes commit 0d834bc Author: BlueWinds <blue@everblue.info> Date: Mon Feb 7 12:25:35 2022 -0800 Add data to all events sent, not just top level commit ac5bfd3 Author: BlueWinds <blue@everblue.info> Date: Mon Feb 7 11:37:55 2022 -0800 Use honeycomb tracing commit 304d8bd Author: BlueWinds <blue@everblue.info> Date: Mon Feb 7 10:22:04 2022 -0800 Make performance-reporter for system tests use get-next-version script
|
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.5.2->1.5.6GitHub Vulnerability Alerts
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
Release Notes
unshiftio/url-parse
v1.5.6Compare Source
v1.5.5Compare Source
v1.5.4Compare Source
v1.5.3Compare Source
Configuration
📅 Schedule: "" in timezone America/New_York.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by WhiteSource Renovate. View repository job log here.