Skip to content

[Security] Bump hosted-git-info from 2.8.8 to 2.8.9

Dependabot requested to merge dependabot-npm_and_yarn-hosted-git-info-2.8.9 into master

Bumps hosted-git-info from 2.8.8 to 2.8.9. This update includes a security fix.

Vulnerabilities fixed

Regular Expression Denial of Service in hosted-git-info The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

Patched versions: 2.8.9 Affected versions: < 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.



Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading