Comparing changes

base repository: octokit/rest.js
base: v20.1.1
head repository: octokit/rest.js
compare: v20.1.2
  • 1 commit
  • 5 files changed
  • 2 contributors

Commits on Feb 26, 2025

  1. fix(deps): bump Octokit dependencies to address ReDoS vulnerabilities, bump `devDependencies` (#487)
    
    This aims to resolve #486 `npm vulnerabilities with the 20.x branch`
    
    Should resolve:
    
    GHSA-2p57-rm9w-gvfp
    GHSA-3xgq-45jj-v275
    GHSA-67mh-4wv8-2f99
    GHSA-78xj-cgh5-2h22
    GHSA-952p-6rrq-rcjv
    GHSA-9qxr-qj54-h672
    GHSA-9wv6-86v2-598j
    GHSA-c2qf-rxjj-qqgw
    GHSA-c76h-2ccp-4975
    GHSA-c7qv-q95q-8v27
    GHSA-f5x3-32g6-xq36
    GHSA-grv7-fg5c-xmjg
    GHSA-h5c3-5r3r-rr8q
    GHSA-m4v8-wqvr-p9f7
    GHSA-m6fv-jmcg-4jfg
    GHSA-pxg6-pf52-xh8x
    GHSA-qwcr-r2fm-qrc7
    GHSA-rhx6-c78j-4q9w
    GHSA-rmvr-2pp2-xj38
    GHSA-xx4v-prfh-6cgc
    
    ----
    
    > 31 vulnerabilities (3 low, 18 moderate, 10 high)
    
    ![CleanShot 2025-02-21 at 12 06 39](https://github.com/user-attachments/assets/02abda17-8aee-46e3-b808-764672a18475)
    
    > 9 moderate severity vulnerabilities
    
    ![CleanShot 2025-02-21 at 12 12 49](https://github.com/user-attachments/assets/10d593d8-9de5-478e-8cde-b5fb81762706)
    
    **Important note**: the remaining reported 'moderate' vulnerabilities
    for `@octokit/request` and `@octokit/plugin-paginate-rest` for
    GHSA-h5c3-5r3r-rr8q and
    GHSA-rmvr-2pp2-xj38 are actually mitigated
    already; npm audit isn't taking the minor versions properly into account
    as:
    
    - @octokit/plugin-paginate-rest is patched in `9.2.2` (applied)
    - @octokit/request is patched in `8.4.1` (applied)
    
    This is a reporting issue: npm/cli#8125
    
    **Important note**: this PR reduces updates (reduces :() test coverage
    due to the same challenges discovered in
    #413 (comment)
    
    - [x] Tests for the changes have been added (for bug fixes / features)
    - [ ] Docs have been reviewed and added / updated if needed (for bug
    fixes / features)
    
    Please see our docs on [breaking
    changes](https://github.com/octokit/.github/blob/master/community/breaking_changes.md)
    to help!
    
    - [ ] Yes
    - [x] No
    
    ----
    
    ---------
    
    Co-authored-by: wolfy1339 <webmaster@wolfy1339.com>
    benpbolton and wolfy1339 committed Feb 26, 2025
    Commit 711f2ee