Created by: renovate[bot]
This PR contains the following updates:
Package | Change |
---|---|
y18n | 4.0.0 -> 4.0.1 |
GitHub Vulnerability Alerts
CVE-2020-7774
Overview
The npm package y18n
before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.
POC
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
Recommendation
Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.
Configuration
-
If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.