[Security] Bump phin and load-bmfont
Bumps phin and load-bmfont. These dependencies needed to be updated together.
Updates phin from 2.9.3 to 3.7.1. This update includes a security fix.
Vulnerabilities fixed
phin may include sensitive headers in subsequent requests after redirect
Impact
Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled.
Patches
The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.
Workarounds
N/A. Please update to resolve the issue.
Patched versions: 3.7.1
Affected versions: < 3.7.1
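The header handling described under Patches, sketched as an added example (this is not phin's or follow-redirects' code). The advisory does not say which headers are removed or when, so the header list and the rule used here (strip on a hostname change or an https-to-http downgrade) are assumptions, as are all function names and the constructed redirect chain.

```javascript
// Added illustration: not phin's or follow-redirects' source.
// Assumed policy: drop credential headers when a redirect changes hostname
// or downgrades https to http; once dropped they are never re-added.
const SENSITIVE = new Set(['authorization', 'cookie', 'proxy-authorization']);

// Behaviour the advisory warns about: every header is replayed to the next hop.
function forwardAll(fromUrl, location, headers) {
  return { ...headers };
}

// Hardened behaviour: filter credential headers on an untrusted hop.
function forwardSafe(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // Location may be relative
  const leavesHost = to.hostname !== from.hostname;
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  if (!leavesHost && !downgrade) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !SENSITIVE.has(name.toLowerCase()))
  );
}

// Replays a constructed redirect chain and records what each hop would receive.
function traceRedirects(startUrl, locations, headers, policy) {
  const sent = [{ url: startUrl, headers: { ...headers } }];
  let url = startUrl;
  let current = headers;
  for (const location of locations) {
    current = policy(url, location, current);
    url = new URL(location, url).href;
    sent.push({ url, headers: current });
  }
  return sent;
}

// Constructed sample: same-host relative hop, cross-host hop, then back again.
const CHAIN = ['/v2/data', 'https://files.other.test/data', 'https://api.example.test/done'];
const REQUEST_HEADERS = { Authorization: 'Bearer sample-token', Accept: 'application/json' };

// URLs of the hops that would still be sent the Authorization header.
function hopsReceivingAuthorization(policy) {
  return traceRedirects('https://api.example.test/data', CHAIN, REQUEST_HEADERS, policy)
    .filter((hop) => 'Authorization' in hop.headers)
    .map((hop) => hop.url);
}

console.log('forward all :', hopsReceivingAuthorization(forwardAll));
console.log('forward safe:', hopsReceivingAuthorization(forwardSafe));
```

With the filtering policy the token stops at the first cross-host hop and is not restored when the chain returns to the original host, while non-sensitive headers such as Accept continue to be sent.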
Commits
- See full diff in compare view
Maintainer changes
This version was pushed to npm by ethan_, a new releaser for phin since your current version.
Updates load-bmfont from 1.4.1 to 1.4.2
Commits
- 3b02963 1.4.2
- 9001c01 update to newest phin
- See full diff in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- $dependabot recreate will recreate this MR, rewriting all the manual changes and resolving conflicts