
[Security] Bump hosted-git-info from 2.8.8 to 2.8.9

Dependabot requested to merge dependabot-npm_and_yarn-hosted-git-info-2.8.9 into master

Bumps hosted-git-info from 2.8.8 to 2.8.9. This update includes a security fix.

Vulnerabilities fixed

Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

Patched versions: 2.8.9
Affected versions: < 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

Commits

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.



Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
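
An added example, not part of the Dependabot merge request or the hosted-git-info project: a lockfile check that reports every installed copy of hosted-git-info, including nested transitive copies, that is still below the fixed versions named in the advisory above. Treating 2.8.9 as the fix for the 2.x line and 3.0.8 as the fix for the 3.x line is this example's reading of that text; the helper names and the sample lockfile are constructed for illustration.

```javascript
// Fixed versions per major line, taken from the advisory text on this page.
const FIXED = { 2: [2, 8, 9], 3: [3, 0, 8] };

function parseVersion(v) {
  // Drop any prerelease/build suffix and keep major.minor.patch as numbers.
  return String(v).split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function isAffected(version) {
  const [maj, min = 0, pat = 0] = parseVersion(version);
  if (maj < 2) return true;       // anything older than the 2.x line is below 2.8.9
  const fixed = FIXED[maj];
  if (!fixed) return false;       // majors above 3 are past both bounds
  return min < fixed[1] || (min === fixed[1] && pat < fixed[2]);
}

function findAffected(lock, name = 'hosted-git-info') {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === name) check(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists
  // so a v2 lockfile, which carries both, is not counted twice).
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + dep;
      if (dep === name) check(path, meta);
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: the top-level copy is patched, two nested copies are not.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/hosted-git-info': { version: '2.8.9' },
    'node_modules/normalize-package-data/node_modules/hosted-git-info': { version: '2.8.8' },
    'node_modules/npm-package-arg/node_modules/hosted-git-info': { version: '3.0.7' },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

To use it on a real project, pass the parsed contents of package-lock.json to findAffected; an empty result means no copy below the fixed versions remains after the bump.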
