Skip to content
This repository has been archived by the owner on Mar 22, 2022. It is now read-only.

Update dependency vm2 to 3.9.6 [SECURITY] #339

Merged
merged 1 commit into from
Feb 15, 2022
Merged

Update dependency vm2 to 3.9.6 [SECURITY] #339

merged 1 commit into from
Feb 15, 2022

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Feb 15, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change
vm2 3.9.4 -> 3.9.6

GitHub Vulnerability Alerts

CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot merged commit 620625f into master Feb 15, 2022
@renovate renovate bot deleted the renovate/npm-vm2-vulnerability branch February 15, 2022 03:21
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot