[Security] Bump word-wrap from 1.2.3 to 1.2.4
Bumps word-wrap from 1.2.3 to 1.2.4. This update includes a security fix.
Vulnerabilities fixed
word-wrap vulnerable to Regular Expression Denial of Service
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
Patched versions: 1.2.4
Affected versions: <= 1.2.3; < 1.2.4
Release notes
Sourced from word-wrap's releases.
1.2.4
What's Changed
- Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24
- 🔒 fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41
- 🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33
- chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42
New Contributors
- @mohd-akram made their first contribution in jonschlinkert/word-wrap#24
- @OlafConijn made their first contribution in jonschlinkert/word-wrap#41
- @aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33
Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4
Commits
- f64b188 run verb to generate README
- 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
- 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
- bfa694e Update .github/workflows/publish.yml
- ace0b3c chore: bump version to 1.2.4
- 6fd7275 chore: add publish workflow
- 30d6daf chore: fix test
- 655929c chore: remove package-lock
- 49e08bb chore: added an additional testcase
- 9f62693 fix: cve 2023-26115
- Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- $dependabot rebase will rebase this MR
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts