Title: [Security] Bump ssri from 6.0.1 to 6.0.2 by dependabot-preview[bot] · Pull Request #791 · dry-python/dry-python.github.io · GitHub
Open Graph Title: [Security] Bump ssri from 6.0.1 to 6.0.2 by dependabot-preview[bot] · Pull Request #791 · dry-python/dry-python.github.io
X Title: [Security] Bump ssri from 6.0.1 to 6.0.2 by dependabot-preview[bot] · Pull Request #791 · dry-python/dry-python.github.io
Description: Bumps ssri from 6.0.1 to 6.0.2. This update includes a security fix. Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. Affected versions: >= 5.2.2 < 6.0.2 Changelog Sourced from ssri's changelog. 6.0.2 (2021-04-07) Bug Fixes backport regex change from 8.0.1 (b30dfdb), closes #19 Commits b7c8c7c chore(release): 6.0.2 b30dfdb fix: backport regex change from 8.0.1 See full diff in compare view Maintainer changes This version was pushed to npm by nlf, a new releaser for ssri since your current version. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. If all status checks pass Dependabot will automatically merge this pull request. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) @dependabot use these labels will set the current labels as the default for future PRs for this repo and language @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot dashboard: Update frequency (including time of day and day of week) Pull request limits (per update run and/or open at any time) Automerge options (never/patch/minor, and dev/runtime dependencies) Out-of-range updates (receive only lockfile updates, if desired) Security updates (receive only security updates, if desired)
Open Graph Description: Bumps ssri from 6.0.1 to 6.0.2. This update includes a security fix. Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) npm ssr...
X Description: Bumps ssri from 6.0.1 to 6.0.2. This update includes a security fix. Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) npm ssr...
Opengraph URL: https://github.com/dry-python/dry-python.github.io/pull/791
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:045bacc7-15e9-623b-d959-2766b60e9405 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | ADF4:2AEA36:25A048:32AE82:696AA3B4 |
| html-safe-nonce | 501480123ba636b2f65ec63d3252c03cfdc6cbe8ea569b598c0ce6988437b4d2 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBREY0OjJBRUEzNjoyNUEwNDg6MzJBRTgyOjY5NkFBM0I0IiwidmlzaXRvcl9pZCI6IjE2NjgyMDY2OTQ0Mjk3OTUyNTIiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | c17f78cf9c98d3922252ed52c70eefb18207d92a6a33cf9d87b3be144ddb970b |
| hovercard-subject-tag | pull_request:617150749 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/dry-python/dry-python.github.io/pull/791/files |
| twitter:image | https://avatars.githubusercontent.com/in/2141?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/2141?s=400&v=4 |
| og:image:alt | Bumps ssri from 6.0.1 to 6.0.2. This update includes a security fix. Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) npm ssr... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | a51f97dbb9326f71c08ecb61577457d543c602124d1a2672871258ef37ac5261 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/dry-python/dry-python.github.io git https://github.com/dry-python/dry-python.github.io.git |
| octolytics-dimension-user_id | 37993755 |
| octolytics-dimension-user_login | dry-python |
| octolytics-dimension-repository_id | 137952335 |
| octolytics-dimension-repository_nwo | dry-python/dry-python.github.io |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 137952335 |
| octolytics-dimension-repository_network_root_nwo | dry-python/dry-python.github.io |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 4bd0eac606c70914085176ef312ebdcd97a8cdf1 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width