Skip to content
This repository was archived by the owner on Feb 6, 2025. It is now read-only.

chore(deps): update dependency ua-parser-js to 0.7.33 [security]#617

Closed
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-ua-parser-js-vulnerability
Closed

chore(deps): update dependency ua-parser-js to 0.7.33 [security]#617
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-ua-parser-js-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 17, 2023

Mend Renovate

This PR contains the following updates:

Package Change
ua-parser-js 0.7.28 -> 0.7.33

GitHub Vulnerability Alerts

CVE-2022-25927

Description:

A regular expression denial of service (ReDoS) vulnerability has been discovered in ua-parser-js.

Impact:

This vulnerability bypass the library's MAX_LENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition.

Affected Versions:

All versions of the library prior to version 0.7.33 / 1.0.33.

Patches:

A patch has been released to remove the vulnerable regular expression, update to version 0.7.33 / 1.0.33 or later.

References:

Regular expression Denial of Service - ReDoS

Credits:

Thanks to @​Snyk who first reported the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 24, 2023
@renovate renovate bot closed this Mar 24, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 24, 2023 13:46
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 24, 2023
@renovate renovate bot reopened this Mar 24, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 24, 2023 18:50
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 24, 2023
@renovate renovate bot closed this Mar 24, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 24, 2023 20:34
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 25, 2023
@renovate renovate bot reopened this Mar 25, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 25, 2023 00:24
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 25, 2023
@renovate renovate bot closed this Mar 25, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 25, 2023 01:49
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 25, 2023
@renovate renovate bot reopened this Mar 25, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 25, 2023 06:49
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 27, 2023
@renovate renovate bot closed this Mar 27, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 27, 2023 19:47
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 27, 2023
@renovate renovate bot reopened this Mar 27, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 27, 2023 22:43
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 28, 2023
@renovate renovate bot closed this Mar 28, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 28, 2023 01:06
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 28, 2023
@renovate renovate bot reopened this Mar 28, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 28, 2023 07:16
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 28, 2023
@renovate renovate bot reopened this Mar 28, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 28, 2023 11:59
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 28, 2023
@renovate renovate bot closed this Mar 28, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 28, 2023 13:11
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 28, 2023
@renovate renovate bot reopened this Mar 28, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 28, 2023 18:42
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 30, 2023
@renovate renovate bot closed this Mar 30, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 00:13
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 30, 2023
@renovate renovate bot reopened this Mar 30, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 00:59
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 30, 2023
@renovate renovate bot closed this Mar 30, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 02:47
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 30, 2023
@renovate renovate bot reopened this Mar 30, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 07:15
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed Mar 30, 2023
@renovate renovate bot closed this Mar 30, 2023
@renovate renovate bot deleted the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 08:55
@renovate renovate bot changed the title chore(deps): update dependency ua-parser-js to 0.7.33 [security] - autoclosed chore(deps): update dependency ua-parser-js to 0.7.33 [security] Mar 30, 2023
@renovate renovate bot reopened this Mar 30, 2023
@renovate renovate bot restored the renovate/npm-ua-parser-js-vulnerability branch March 30, 2023 14:51
@khriztianmoreno khriztianmoreno deleted the renovate/npm-ua-parser-js-vulnerability branch January 29, 2024 13:27
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@khriztianmoreno