Update dependency pdfkit to v0.8.7.2 [SECURITY] #2472

renovate · 2022-11-03T00:31:49Z

This PR contains the following updates:

Package	Update	Change
pdfkit	patch	`0.8.7` -> `0.8.7.2`

The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized.

Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

viezly · 2022-11-03T00:31:51Z

Pull request by bot. No need to analyze

renovate bot added the dependencies Pull requests that update a dependency file label Nov 3, 2022

renovate bot force-pushed the renovate/rubygems-pdfkit-vulnerability branch from b7c77d1 to 5da80da Compare November 7, 2022 10:41

renovate bot and others added 2 commits November 7, 2022 15:37

Update dependency pdfkit to v0.8.7.2 [SECURITY]

045b5f0

fixed tests

48c14b8

OlegPhenomenon force-pushed the renovate/rubygems-pdfkit-vulnerability branch from 5da80da to 48c14b8 Compare November 7, 2022 14:00

renovate bot force-pushed the renovate/rubygems-pdfkit-vulnerability branch from 48c14b8 to 8b9eced Compare November 8, 2022 07:22

OlegPhenomenon force-pushed the renovate/rubygems-pdfkit-vulnerability branch from 8b9eced to 1b0aa2f Compare November 8, 2022 07:51

updated test

7aa02f3

OlegPhenomenon force-pushed the renovate/rubygems-pdfkit-vulnerability branch from 1b0aa2f to 7aa02f3 Compare November 8, 2022 08:28

fixed test

f3b3eee

OlegPhenomenon merged commit 1c26cea into master Nov 8, 2022

renovate bot deleted the renovate/rubygems-pdfkit-vulnerability branch August 6, 2024 08:58

Provide feedback