[Security] Bump is-my-json-valid from 2.17.1 to 2.19.0 (#298)
Bumps [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid) from 2.17.1 to 2.19.0. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/b7e8b6ac-2aac-4ecc-91f6-86b529307e46).*

> **CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')**
> The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
> 
> Affected versions: <1.4.1; >=2.0.0 <2.17.2

*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/375.json).*

> **Regular Expression Denial of Service (ReDoS)**
> is-my-json-valid is vulnerable to Regular Expression Denial of Service (ReDoS) attacks via the email validation function
> 
> Affected versions: <1.4.1 || >=2.0.0 <2.17.2

</details>
<details>
<summary>Commits</summary>

- [`dcea5be`](mafintosh/is-my-json-valid@dcea5be) 2.19.0
- [`1712811`](mafintosh/is-my-json-valid@1712811) Merge pull request [#171](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/171) from mafintosh/ts-nullable
- [`fad4c91`](mafintosh/is-my-json-valid@fad4c91) Add nullable types to TypeScript typings
- [`484197f`](mafintosh/is-my-json-valid@484197f) Add test for nested object in typings
- [`4bec868`](mafintosh/is-my-json-valid@4bec868) Merge pull request [#168](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/168) from mafintosh/ts-oneof
- [`e8c30d5`](mafintosh/is-my-json-valid@e8c30d5) Add support for "oneOf" to TypeScript typings
- [`7160756`](mafintosh/is-my-json-valid@7160756) Merge pull request [#167](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/167) from mafintosh/ts-required
- [`88dad89`](mafintosh/is-my-json-valid@88dad89) Make "required" optional in TypeScript typings
- [`45b9708`](mafintosh/is-my-json-valid@45b9708) Fix assertions of union types
- [`20b299d`](mafintosh/is-my-json-valid@20b299d) Merge pull request [#166](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/166) from mafintosh/ts-tojson
- Additional commits viewable in [compare view](mafintosh/is-my-json-valid@v2.17.1...v2.19.0)
</details>
<br />

[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=is-my-json-valid&package-manager=npm_and_yarn&previous-version=2.17.1&new-version=2.19.0)](https://dependabot.com/compatibility-score.html?dependency-name=is-my-json-valid&package-manager=npm_and_yarn&previous-version=2.17.1&new-version=2.19.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>
dependabot[bot] authored and Ned Zimmerman committed Nov 6, 2018
1 parent 6cb5e96 commit 24cd02c
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions yarn.lock
Expand Up @@ -5710,13 +5710,19 @@ is-jpg@^1.0.0:
resolved "https://registry.yarnpkg.com/is-jpg/-/is-jpg-1.0.0.tgz#2959c17e73430db38264da75b90dd54f2d86da1c"
integrity sha1-KVnBfnNDDbOCZNp1uQ3VTy2G2hw=

is-my-ip-valid@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/is-my-ip-valid/-/is-my-ip-valid-1.0.0.tgz#7b351b8e8edd4d3995d4d066680e664d94696824"
integrity sha512-gmh/eWXROncUzRnIa1Ubrt5b8ep/MGSnfAUI3aRp+sqTCs1tv1Isl8d8F6JmkN3dXKc3ehZMrtiPN9eL03NuaQ==

is-my-json-valid@^2.12.4:
version "2.17.1"
resolved "https://registry.yarnpkg.com/is-my-json-valid/-/is-my-json-valid-2.17.1.tgz#3da98914a70a22f0a8563ef1511a246c6fc55471"
integrity sha512-Q2khNw+oBlWuaYvEEHtKSw/pCxD2L5Rc1C+UQme9X6JdRDh7m5D7HkozA0qa3DUkQ6VzCnEm8mVIQPyIRkI5sQ==
version "2.19.0"
resolved "https://registry.yarnpkg.com/is-my-json-valid/-/is-my-json-valid-2.19.0.tgz#8fd6e40363cd06b963fa877d444bfb5eddc62175"
integrity sha512-mG0f/unGX1HZ5ep4uhRaPOS8EkAY8/j6mDRMJrutq4CqhoJWYp7qAlonIPy3TV7p3ju4TK9fo/PbnoksWmsp5Q==
dependencies:
generate-function "^2.0.0"
generate-object-property "^1.1.0"
is-my-ip-valid "^1.0.0"
jsonpointer "^4.0.0"
xtend "^4.0.0"
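
Review bot: The new `is-my-ip-valid@^1.0.0` entry at the top of this hunk, together with the `is-my-ip-valid "^1.0.0"` line under `dependencies:`, adds a transitive package that the commit message never mentions; its commit list covers only is-my-json-valid. Confirm the added package has been through the project's audit step before merging. Separately, the selector on the `is-my-json-valid@^2.12.4:` line still admits the affected range quoted in the advisory (>=2.0.0 <2.17.2), so the fix holds only while this lock entry is honoured. Since yarn.lock is the only changed file, consider a `resolutions` entry in package.json, or an update of the parent dependency, that raises the floor to 2.17.2 or later.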
