
Conversation

@risantos
Member

@risantos risantos commented Mar 20, 2025

Description

  • Bump github-changelog-generator clearing 2/2 security vulnerabilities on @github/github-changelog-generator.

Before update

$ yarn audit
yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ @octokit/request-error has a Regular Expression in index     │
│               │ that Leads to ReDoS Vulnerability Due to Catastrophic        │
│               │ Backtracking                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @octokit/request-error                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @uphold/github-changelog-generator                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @uphold/github-changelog-generator > @octokit/graphql >      │
│               │ @octokit/request > @octokit/request-error                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1102256                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ @octokit/request has a Regular Expression in fetchWrapper    │
│               │ that Leads to ReDoS Vulnerability Due to Catastrophic        │
│               │ Backtracking                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @octokit/request                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=8.4.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @uphold/github-changelog-generator                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @uphold/github-changelog-generator > @octokit/graphql >      │
│               │ @octokit/request                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1102896                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
2 vulnerabilities found - Packages audited: 624
Severity: 2 Moderate
✨  Done in 1.52s.

After update

$ yarn audit
yarn audit v1.22.22
0 vulnerabilities found - Packages audited: 611
✨  Done in 0.74s.

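To turn the before/after `yarn audit` check shown in this PR into a repeatable CI gate, the following Python script (an added example, not part of this PR or the project) parses `yarn audit --json` output and fails when a finding at or above a severity threshold remains. The NDJSON record shape, the `dev` flag and the `>`-separated resolution path are assumed from yarn v1's JSON output; the sample records are constructed from the two advisories above.

```python
import json
import sys
from typing import Dict, List

# Constructed sample of `yarn audit --json` output. yarn v1 emits one JSON
# object per line; the record shape below is assumed, and the two advisories
# mirror the ones reported in the PR. `dev: true` is an assumption.
SAMPLE_AUDIT_NDJSON = """\
{"type":"auditAdvisory","data":{"resolution":{"id":1102256,"path":"@uphold/github-changelog-generator>@octokit/graphql>@octokit/request>@octokit/request-error","dev":true},"advisory":{"id":1102256,"module_name":"@octokit/request-error","severity":"moderate","title":"@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking","patched_versions":">=5.1.1","url":"https://www.npmjs.com/advisories/1102256"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1102896,"path":"@uphold/github-changelog-generator>@octokit/graphql>@octokit/request","dev":true},"advisory":{"id":1102896,"module_name":"@octokit/request","severity":"moderate","title":"@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking","patched_versions":">=8.4.1","url":"https://www.npmjs.com/advisories/1102896"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":2,"high":0,"critical":0},"totalDependencies":624}}
"""

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def parse_audit(ndjson: str) -> List[Dict]:
    """Return one finding per auditAdvisory record; other record types are skipped."""
    findings = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("type") != "auditAdvisory":
            continue
        adv = record["data"]["advisory"]
        res = record["data"]["resolution"]
        findings.append({
            "id": adv["id"],
            "module": adv["module_name"],
            "severity": adv["severity"],
            "patched": adv["patched_versions"],
            "path": res["path"].split(">"),   # direct dependency first, vulnerable package last
            "dev": res.get("dev", False),
        })
    return findings


def gate(findings: List[Dict], threshold: str = "moderate", include_dev: bool = True) -> List[Dict]:
    """Return the findings that block the build; an empty list means the gate passes."""
    min_rank = SEVERITY_RANK[threshold]
    return [f for f in findings
            if SEVERITY_RANK[f["severity"]] >= min_rank and (include_dev or not f["dev"])]


def direct_dependency(finding: Dict) -> str:
    """The top-level package whose bump pulls in the fix (first hop of the path)."""
    return finding["path"][0]


if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT_NDJSON
    blocking = gate(parse_audit(raw))
    for f in blocking:
        print(f"{f['severity']}: {f['module']} (patched in {f['patched']}) via {direct_dependency(f)}")
    sys.exit(1 if blocking else 0)
```

Run it as `yarn audit --json > audit.jsonl; python gate.py audit.jsonl` in CI; after the bump in this PR the advisory records disappear and the script exits 0.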
@risantos risantos self-assigned this Mar 20, 2025
@risantos risantos requested a review from Americas March 20, 2025 16:05
@risantos risantos added the dependencies Pull requests that update a dependency file label Mar 20, 2025
@risantos risantos force-pushed the support/bump-github-changelog-generator branch 3 times, most recently from 6c5f532 to 67e4353 Compare March 21, 2025 00:57
- Clears security vulnerabilities.
@risantos risantos force-pushed the support/bump-github-changelog-generator branch 2 times, most recently from 538bde5 to 18a35b3 Compare March 21, 2025 10:28
@Americas Americas changed the title Bump github-changelog-generator and add @types/node Bump github-changelog-generator Mar 21, 2025
@Americas Americas merged commit de94645 into master Mar 21, 2025
@Americas Americas deleted the support/bump-github-changelog-generator branch March 21, 2025 11:24