quirrel-dev / quirrel / 5324558784
82%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 46
Run time 1s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
5324558784

push

github

web-flow 
fix(deps): update dependency fastify to v4.10.2 [security] (#1126)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [fastify](https://www.fastify.io/)
([source](https://togithub.com/fastify/fastify)) | [`4.9.2` ->
`4.10.2`](https://renovatebot.com/diffs/npm/fastify/4.9.2/4.10.2) |
[![age](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/compatibility-slim/4.9.2)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/confidence-slim/4.9.2)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2022-41919](https://togithub.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh)

### Impact

The attacker can use the incorrect `Content-Type` to bypass the
`Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s
[essence](https://mimesniff.spec.whatwg.org/#mime-type-essence) as
"application/x-www-form-urlencoded", "multipart/form-data", or
"text/plain", could potentially be used to invoke routes that only
accepts `application/json` content type, thus bypassing any [CORS
protection](https://fetch.spec.whatwg.org/#simple-header), and therefore
they could lead to a Cross-Site Request Forgery attack.

### Patches
For `4.x` users, please update to at least `4.10.2`
For `3.x` users, please update to at least `3.29.4`

### Workarounds

Implement Cross-Site Request Forgery protection using
[`@fastify/csrf`](https://www.npmjs.com/package/@​fast... (continued)

606 of 799 branches covered (75.84%)

Branch coverage included in aggregate %.

1148 of 1328 relevant lines covered (86.45%)

22.7 hits per line

Jobs
ID Job ID Ran Files Coverage
1 quirrel - 5324558784.1 46
82.46
 GitHub Action Run
Source Files on build 5324558784