gnosis / dex-contracts / 6015
100%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 8
Run time 6min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
6015

push

travis-ci-com

web-flow 
[Security] Bump y18n from 3.2.1 to 3.2.2 (#1148)

Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. **This update includes a security fix.**
<details>
<summary>Vulnerabilities fixed</summary>
<p><em>Sourced from <a href="https://github.com/advisories/GHSA-c4w7-xm78-47vh">The GitHub Security Advisory Database</a>.</em></p>
<blockquote>
<p><strong>Prototype Pollution</strong></p>
<h3>Overview</h3>
<p>The npm package <code>y18n</code> before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.</p>
<h3>POC</h3>
<pre><code>const y18n = require('y18n')();
<p>y18n.setLocale('<strong>proto</strong>');
y18n.updateLocale({polluted: true});</p>
<p>console.log(polluted); // true
</code></pre></p>
<h3>Recommendation</h3>
<p>Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.</p>
<p>Affected versions: &lt; 3.2.2</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/yargs/y18n/commits">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~oss-bot">oss-bot</a>, a new releaser for y18n since your current version.</p>
</details>
<br />


[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=y18n&package-manager=npm_and_yarn&previous-version=3.2.1&new-version=3.2.2)](https://dependabot.com/compatibility-score/?dependency-name=y18n&package-manager=npm_and_yarn&previous-version=3.2.1&new-version=3.2.2)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependab... (continued)

100 of 100 branches covered (100.0%)

Branch coverage included in aggregate %.

277 of 277 relevant lines covered (100.0%)

82.51 hits per line

Jobs
ID Job ID Ran Files Coverage
1 6015.1 (NODE_OPTIONS=--max_old_space_size=4096) 8
100.0
 Travis Job 6015.1
Source Files on build 6015