New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency browserslist to v4.16.5 [SECURITY] - abandoned #94

Open

renovate wants to merge 1 commit into master from renovate/npm-browserslist-vulnerability

renovate bot commented Jun 6, 2021 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
browserslist	`4.6.6` -> `4.16.5`

GitHub Vulnerability Alerts

CVE-2021-23364

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Release Notes

browserslist/browserslist

`v4.16.5`

Fixed unsafe RegExp (by Yeting Li).

`v4.16.4`

Fixed unsafe RegExp.
Added artifactory support to --update-db (by Ittai Baratz).

`v4.16.3`

Fixed --update-db.

`v4.16.2`

Fixed --update-db (by @ialarmedalien).

`v4.16.1`

Fixed Chrome 4 with mobileToDesktop (by Aron Woost).

`v4.16.0`

`v4.15.0`

`v4.14.7`

Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
Added browser changes to --update-db (by @AleksandrSl).
Added color output to --update-db.
Updated package.funding to have link to our Open Collective.

`v4.14.6`

Fixed Yarn support in --update-db (by Ivan Storck).
Fixed npm 7 support in --update-db.

`v4.14.5`

Fixed last 2 electron versions query (by Sergey Melyukov).

`v4.14.4`

Fixed Unknown version 59 of op_mob error.

`v4.14.3`

Update Firefox ESR.

`v4.14.2`

Fixed --update-db on Windows (by James Ross).
Improved --update-db output.

`v4.14.1`

Added --update-db explanation (by Justin Zelinsky).

`v4.14.0`

`v4.13.0`

`v4.12.2`

Update Firefox ESR.

`v4.12.1`

Update package.json scanning tool for --update-db (by Luke Edwards).
Improve docs (by Mukundan Senthil).
Drop Node.js 13.0-13.6 support because of ES modules bug in that versions.

`v4.12.0`

`v4.11.1`

Fix Node.js 6 support.

`v4.11.0`

`v4.10.0`

`v4.9.1`

Normalize incorrect Can I Use regional data (by Huáng Jùnliàng).

`v4.9.0`

`v4.8.7`

Fix last N major versions (by Valeriy Trubachev).

`v4.8.6`

Fix Unknown version 10 of op_mob error in mobileToDesktop option.

`v4.8.5`

Fix last N browsers again after new caniuse-db API changes.

`v4.8.4`

Fix released versions detection for queries like last N browsers.
Add IE 11 Mobile to dead browsers.

`v4.8.3`

Fix warning message (by Anton Ivanov).

`v4.8.2`

Fix Cannot convert undefined or null to object (by Antoine Clausse).
Fix mobileToDesktop in defaults (by Huáng Jùnliàng).

`v4.8.1`

Fix Chrome and mobileToDesktop (by Huáng Jùnliàng).

`v4.8.0`

`v4.7.3`

Add funding link for npm fund.

`v4.7.2`

Add cache for query parsing.
Improve config caching (by Kārlis Gaņģis).
Update Firefox ESR.

`v4.7.1`

Improve caching.

`v4.7.0`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.


          Update dependency browserslist to v4.16.5 [SECURITY]

2137bdd

Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

renovate bot changed the title ~~Update dependency browserslist to v4.16.5 [SECURITY]~~ Update dependency browserslist to v4.16.5 [SECURITY] - abandoned

Author

renovate bot commented May 28, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet