Files: 16 | Run time: 26s
push
travis-ci
[Security] Bump y18n from 4.0.0 to 4.0.1 (#231)

Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. **This update includes a security fix.**

**Vulnerabilities fixed**

*Sourced from [The GitHub Security Advisory Database](https://github.com/advisories/GHSA-c4w7-xm78-47vh).*

> **Prototype Pollution**
>
> ### Overview
>
> The npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.
>
> ### POC
>
> ```
> const y18n = require('y18n')();
>
> y18n.setLocale('__proto__');
> y18n.updateLocale({polluted: true});
>
> console.log(polluted); // true
> ```
>
> ### Recommendation
>
> Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.
>
> Affected versions: = 4.0.0

**Changelog**

*Sourced from [y18n's changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md).*

> # Change Log
>
> All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
>
> ### [5.0.5](https://www.github.com/yargs/y18n/compare/v5.0.4...v5.0.5) (2020-10-25)
>
> ### Bug Fixes
>
> - address prototype pollution issue ([#108](https://www.github-redirect.dependabot.com/yargs/y18n/issues/108)) ([a9ac604](https://www.github.com/yargs/y18n/commit/a9ac604ab))
>
> ### [5.0.4](https://www.github.com/yargs/y18n/compare/v5.0.3...v5.0.4) (2020-10-16)
>
> ### Bug Fixes
>
> - **exports:** node 13.0 and 13.1 require the dotted object form *with* a string fallback ([#105](https://www.github-redirect.dependabot.com/yargs/y18n/issues/105)) (<a href="https://www.github.com/yargs/y18n/commit/4... (continued)
136 of 191 branches covered (71.2%)
Branch coverage included in aggregate %.
297 of 372 relevant lines covered (79.84%)
13.56 hits per line