Update dependency react-dev-utils to v11 [SECURITY] #28
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
a65e8c4 to
f6524f2
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
f6524f2 to
cd229d3
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
cd229d3 to
984339a
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
984339a to
0f21413
Compare
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
0f21413 to
bcd9b0c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
bcd9b0c to
1cf4283
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
1cf4283 to
4886b88
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
4886b88 to
ab3fb16
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
ab3fb16 to
44c2aff
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
44c2aff to
b779022
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
b779022 to
e659643
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
e659643 to
62b5413
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
62b5413 to
4678721
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
66301d5 to
b30377a
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
b30377a to
96fab44
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
96fab44 to
ec484a0
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
ec484a0 to
d1dcf71
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
d1dcf71 to
8c710c0
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
8c710c0 to
b10f494
Compare
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
b10f494 to
c2c10f0
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
c2c10f0 to
02dd2da
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
02dd2da to
bc584ad
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
bc584ad to
547610f
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
547610f to
e0b050d
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
e0b050d to
c736b18
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
c736b18 to
5ac3230
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-react-dev-utils-vulnerability
branch
from
5ac3230 to
2cb0ede
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^10.2.1->^11.0.4GitHub Vulnerability Alerts
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function,
getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.Release Notes
facebook/create-react-app (react-dev-utils)
v11.0.3Compare Source
v11.0.2Compare Source
v11.0.1Compare Source
v11.0.0Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.