[Security] Bump path-parse from 1.0.6 to 1.0.7

Dependabot requested to merge dependabot-npm_and_yarn-path-parse-1.0.7 into master

Bumps path-parse from 1.0.6 to 1.0.7. This update includes a security fix.

Vulnerabilities fixed

Regular Expression Denial of Service in path-parse

Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Patched versions: 1.0.7
Affected versions: < 1.0.7

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
