fka
fka copied to clipboard
f
Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.3.7 to 0.4.4. Release notes Sourced from jpeg-js's releases. v0.4.4 v0.4.4 (2022-06-07) feat: add comment tag encoding (#87) (13e1ffa), closes #87 fix: validate sampling factors (#106) (9ccd35f),...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [plist](https://github.com/TooTallNate/node-plist) from 3.0.1 to 3.0.6. Changelog Sourced from plist's changelog. 3.0.5 / 2022-03-23 [96e2303d05] Prototype Pollution using .parse() #114 (mario-canva) update browserify from 16 to 17 3.0.4 / 2021-08-27...
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8. Changelog Sourced from minimist's changelog. v1.2.8 - 2023-02-09 Merged [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17) [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12) [Fix]...
Bumps [cacheable-request](https://github.com/jaredwray/cacheable-request) to 10.2.7 and updates ancestor dependency [got](https://github.com/sindresorhus/got). These dependencies need to be updated together. Updates `cacheable-request` from 7.0.1 to 10.2.7 Release notes Sourced from cacheable-request's releases. v10.2.6 Fix...
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. Commits 2449650 Update mocha 560b2d8 Don't use regex to trim whitespace b1bdb92 Remove linting package zoo c20dc7e Cache 308 See full diff in compare...
Removes [xmldom](https://github.com/xmldom/xmldom). It's no longer used after updating ancestor dependency [plist](https://github.com/TooTallNate/node-plist). These dependencies need to be updated together. Removes `xmldom` Updates `plist` from 3.0.1 to 3.0.6 Changelog Sourced from plist's...
检测到 f/fka 一共引入了127个开源组件,存在6个漏洞 ``` 漏洞标题:normalize-url 安全漏洞 缺陷组件:[email protected] 漏洞编号:CVE-2021-33502 漏洞描述:normalize-url是开源的一个npm包。用于显示,存储,重复数据删除,排序,比较URL。 normalize-url package 4.5.1之前版本,5.3.1之前版本的5.x,6.0.1之前的6.x存在安全漏洞,该漏洞源于一个ReDoS(正则表达式拒绝服务)问题。 影响范围:[4.4.0, 4.5.1) 最小修复版本:4.5.1 缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected] ``` 另外还有6个漏洞,详细报告:https://mofeisec.com/jr?p=aab24f
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. Release notes Sourced from ansi-regex's releases. v5.0.1 Fixes (backport of 6.0.1 to v5) This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1,...
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...