
[Security] Bump phin and load-bmfont

Dependabot requested to merge dependabot-npm_and_yarn-multi-93f6d42b19 into master

Bumps phin and load-bmfont. These dependencies needed to be updated together.

Updates phin from 2.9.3 to 3.7.1. This update includes a security fix.

Vulnerabilities fixed

phin may include sensitive headers in subsequent requests after redirect

Impact

Users may be impacted if sending requests including sensitive data in specific headers with followRedirects enabled.

Patches

The follow-redirects library is now being used for redirects and removes some headers that may contain sensitive information in some situations.

Workarounds

N/A. Please update to resolve the issue.

Patched versions: 3.7.1

Affected versions: < 3.7.1

Maintainer changes

This version was pushed to npm by ethan_, a new releaser for phin since your current version.


Updates load-bmfont from 1.4.1 to 1.4.2


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
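
The header leak described in the advisory above, as an added sketch that is not part of this merge request and is not phin's or follow-redirects' code: credential headers are dropped as soon as a redirect leaves the origin that received them. The header list, the same-origin rule, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Added example: a sketch of the mitigation, not phin's or follow-redirects' code.
// Assumed list of headers that can carry credentials.
const SENSITIVE = new Set(['authorization', 'proxy-authorization', 'cookie']);

// Headers allowed on the next hop: credentials are dropped when the origin
// (scheme + host + port) changes, so an https -> http downgrade also strips them.
function headersForRedirect(fromUrl, toUrl, headers) {
  const sameOrigin = new URL(fromUrl).origin === new URL(toUrl).origin;
  const next = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sameOrigin && SENSITIVE.has(name.toLowerCase())) continue;
    next[name] = value;
  }
  return next;
}

// Walk a redirect chain offline. `routes` maps URL -> { status, location }.
// Returns what would be sent on every hop, so a leak is visible in the result.
function traceRedirects(startUrl, headers, routes, maxHops = 5) {
  const hops = [];
  let url = new URL(startUrl).href;
  let current = { ...headers };
  for (let i = 0; i <= maxHops; i++) {
    hops.push({ url, headers: current });
    const res = routes[url];
    if (!res || res.status < 300 || res.status >= 400 || !res.location) return hops;
    const nextUrl = new URL(res.location, url).href; // resolve relative Location
    current = headersForRedirect(url, nextUrl, current); // stripped headers stay stripped
    url = nextUrl;
  }
  throw new Error('too many redirects');
}

// Constructed sample data: hostnames and token are placeholders.
const routes = {
  'https://api.example.test/v1/report': { status: 302, location: '/v2/report' },
  'https://api.example.test/v2/report': { status: 302, location: 'https://cdn.example.net/report.json' },
  'https://cdn.example.net/report.json': { status: 200 },
};
const hops = traceRedirects(
  'https://api.example.test/v1/report',
  { Authorization: 'Bearer PLACEHOLDER', Accept: 'application/json' },
  routes
);
for (const hop of hops) console.log(hop.url, Object.keys(hop.headers).join(','));
```
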
