Update dependency codecov to v3.6.5 [SECURITY] #29

New issue

Jump to bottom

Open

renovate wants to merge 1 commit into master from renovate/npm-codecov-vulnerability

+99 −57

renovate bot commented Jul 4, 2020

This PR contains the following updates:

Package	Type	Update	Change
codecov	devDependencies	minor	`3.2.0` -> `3.6.5`

GitHub Vulnerability Alerts

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596.

Release Notes

codecov/codecov-node

`v3.6.5`

`v3.6.4`

Fix for Cirrus CI

`v3.6.3`

AWS Codebuild fixes + package updates

`v3.6.2`

command line args sanitised

`v3.6.1`

Fix for Semaphore

`v3.6.0`

AWS CodeBuild
Semaphore v2

`v3.5.0`

`v3.4.0`

`v3.3.0`

Added pipe --pipe, -l

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.


          Update dependency codecov to v3.6.5 [SECURITY]

7ea1b4a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet