[Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /webapp

Review changes
Download
Patches
Plain diff

Closed [Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /webapp

dependabot/npm_and_yarn/webapp/hosted-git-info-2.8.9 into master

Overview 0
Commits 1
Pipelines 0
Changes 2

Closed Hannes Heine requested to merge dependabot/npm_and_yarn/webapp/hosted-git-info-2.8.9 into master 4 years ago

Overview 0
Commits 1
Pipelines 0
Changes 2

Created by: dependabot-preview[bot]

️ Dependabot Preview has been deactivated ️

This pull request was created by Dependabot Preview, and you've upgraded to Dependabot. This means it won't respond to dependabot commands nor will it be automatically closed if a new version is found.

If you close this pull request, Dependabot will re-create it the next time it checks for updates and everything will work as expected.

Bumps hosted-git-info from 2.7.1 to 2.8.9. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service in hosted-git-info The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

Affected versions: < 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

#61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62

Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

updated pathmatch for gitlab (e8325b5), closes #51

updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

8d4b369 chore(release): 2.8.9
29adfe5 fix: backport regex fix from #76
afeaefd chore(release): 2.8.8
5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
7440afa chore(release): 2.8.7
2d0bb66 fix: Do not attempt to use url.URL when unavailable
f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
e1b83df chore(release): 2.8.6
ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
624fd6f chore(release): 2.8.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Merge request reports

Activity

Filter activity

Approvals
Assignees & reviewers
Comments (from bots)
Comments (from users)
Commits & branches
Edits
Labels
Lock status
Mentions
Merge request status
Tracking

Please register or sign in to reply

0 Assignees

None

Select assignees

0 Reviewers

None

Request review from

Labels

None

Select labels

Manage project labels

Milestone

None

Time tracking

No estimate or time spent

0 Participants