Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency shelljs to v0.8.5 [security] #2445

Merged
merged 2 commits into from
Jan 20, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 15, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
shelljs 0.8.4 -> 0.8.5 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-64g7-mvw6-v9qj

Impact

Output from the synchronous version of shell.exec() may be visible to other users on the same system. You may be affected if you execute shell.exec() in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec() as the root user.

Other shelljs functions (including the asynchronous version of shell.exec()) are not impacted.

Patches

Patched in shelljs 0.8.5

Workarounds

Recommended action is to upgrade to 0.8.5.

References

https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/

For more information

If you have any questions or comments about this advisory:


Release Notes

shelljs/shelljs

v0.8.5

Compare Source

This was a small security fix for #​1058.


Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the 🤖 Type: Dependencies Dependency updates or something similar label Jan 15, 2022
@changeset-bot
Copy link

changeset-bot bot commented Jan 15, 2022

⚠️ No Changeset found

Latest commit: 139d4c7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Jan 15, 2022

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/commercetools/merchant-center-application-kit/4y9hBtkcnRYraWEbbjU4f45cPFnD
✅ Preview: https://merchant-center-application-kit-git-renova-822685-commercetools.vercel.app

@renovate renovate bot force-pushed the renovate/npm-shelljs-vulnerability branch from 954df6d to 62fffee Compare January 15, 2022 04:30
@vercel vercel bot temporarily deployed to Preview January 15, 2022 04:30 Inactive
@vercel vercel bot temporarily deployed to Preview January 20, 2022 08:55 Inactive
@emmenko emmenko merged commit 62e4fc8 into main Jan 20, 2022
@emmenko emmenko deleted the renovate/npm-shelljs-vulnerability branch January 20, 2022 10:58
@ghost ghost mentioned this pull request Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🤖 Type: Dependencies Dependency updates or something similar
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants