[Security] Bump http-cache-semantics from 4.1.0 to 4.1.1
Bumps http-cache-semantics from 4.1.0 to 4.1.1. This update includes a security fix.
Vulnerabilities fixed
http-cache-semantics vulnerable to Regular Expression Denial of Service
http-cache-semantics contains an Inefficient Regular Expression Complexity, leading to Denial of Service. This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Patched versions: 4.1.1
Affected versions: < 4.1.1
Commits
- See full diff in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
- $dependabot rebase will rebase this MR
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts