Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency codecov to v3.6.5 [SECURITY] #235

Merged
merged 1 commit into from
May 25, 2020
Merged

Update dependency codecov to v3.6.5 [SECURITY] #235

merged 1 commit into from
May 25, 2020

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 19, 2020
edited
Loading

This PR contains the following updates:

Package Type Update Change
codecov devDependencies patch 3.6.1 -> 3.6.5

GitHub Vulnerability Alerts

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.

Release Notes

codecov/codecov-node

v3.6.5

Compare Source

v3.6.4

Compare Source

Fix for Cirrus CI

v3.6.3

Compare Source

AWS Codebuild fixes + package updates

v3.6.2

Compare Source

command line args sanitised

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the renovate label Feb 19, 2020
@codecov
Copy link

codecov bot commented Feb 19, 2020
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@3473992). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##             master      #235   +/-   ##
==========================================
  Coverage          ?   100.00%           
==========================================
  Files             ?         2           
  Lines             ?       131           
  Branches          ?         0           
==========================================
  Hits              ?       131           
  Misses            ?         0           
  Partials          ?         0

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3473992...3a95b05. Read the comment docs.

@renovate renovate bot force-pushed the renovate/npm-codecov-vulnerability branch from f87f05b to 3a95b05 Compare May 25, 2020 19:38
@alallier alallier merged commit 6c6d488 into master May 25, 2020
@alallier alallier deleted the renovate/npm-codecov-vulnerability branch May 25, 2020 19:41
alallier added a commit that referenced this pull request May 25, 2020
@alallier
3.0.5 / 2020-05-25
b97174f 
------------------

* Fixed bug where command line Reload where reload was writing to a file properly that broke on Node 14.x - See: #245
* GitHub Actions
  * Added Node 14.x to GitHub Actions CI
  * Removed Node 13.x from GitHub Actions due to end of life
* Dependency Updates
  * Updated codecov from 3.6.1 to 3.7.0 - See: #235 and #246
  * Updated commander from 4.1.0 to 5.1.0 - See: #246
  * Updated minimist from 1.2.0 to 1.2.3 (Security package-lock.json) - See: #236
  * Updated mocha from 7.0.0 to 7.1.2 - See: #233
  * Updated sinon from 8.0.4 to 9.0.2 - See: #231 and #234
  * Updated standard from 14.3.1 to 14.3.4 - See: #238
  * Updated nyc from 15.0.0 to 15.0.1 - See: #242
  * Updated ws from 7.2.0 to 7.3.0 - See: #244
alallier added a commit that referenced this pull request May 25, 2020
@alallier
3.0.5 / 2020-05-25
2cae18c 
------------------

* Fixed bug where command line Reload where reload was writing to a file properly that broke on Node 14.x - See: #245
* GitHub Actions - See: #247
  * Added Node 14.x to GitHub Actions CI
  * Removed Node 13.x from GitHub Actions due to end of life
* Dependency Updates
  * Updated codecov from 3.6.1 to 3.7.0 - See: #235 and #246
  * Updated commander from 4.1.0 to 5.1.0 - See: #246
  * Updated minimist from 1.2.0 to 1.2.3 (Security package-lock.json) - See: #236
  * Updated mocha from 7.0.0 to 7.1.2 - See: #233
  * Updated sinon from 8.0.4 to 9.0.2 - See: #231 and #234
  * Updated standard from 14.3.1 to 14.3.4 - See: #238
  * Updated nyc from 15.0.0 to 15.0.1 - See: #242
  * Updated ws from 7.2.0 to 7.3.0 - See: #244
@renovate renovate bot mentioned this pull request May 26, 2021
Open
1 task
@renovate renovate bot mentioned this pull request Jun 6, 2021
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alallier @renovate-bot