Comparing changes

base repository: octokit/rest.js
base: v20.1.1
head repository: octokit/rest.js
compare: v20.1.2
  • 1 commit
  • 5 files changed
  • 2 contributors

Commits on Feb 26, 2025

  1. fix(deps): bump Octokit dependencies to address ReDos vulnerabilities, bump `devDependencies` (#487)
    
    This aims to resolve #486 `npm` vulnerabilities with the 20.x branch
    
    Should resolve:
    
    GHSA-2p57-rm9w-gvfp
    GHSA-3xgq-45jj-v275
    GHSA-67mh-4wv8-2f99
    GHSA-78xj-cgh5-2h22
    GHSA-952p-6rrq-rcjv
    GHSA-9qxr-qj54-h672
    GHSA-9wv6-86v2-598j
    GHSA-c2qf-rxjj-qqgw
    GHSA-c76h-2ccp-4975
    GHSA-c7qv-q95q-8v27
    GHSA-f5x3-32g6-xq36
    GHSA-grv7-fg5c-xmjg
    GHSA-h5c3-5r3r-rr8q
    GHSA-m4v8-wqvr-p9f7
    GHSA-m6fv-jmcg-4jfg
    GHSA-pxg6-pf52-xh8x
    GHSA-qwcr-r2fm-qrc7
    GHSA-rhx6-c78j-4q9w
    GHSA-rmvr-2pp2-xj38
    GHSA-xx4v-prfh-6cgc
    
    ----
    
    <!-- Please describe the current behavior that you are modifying. -->
    
    > 31 vulnerabilities (3 low, 18 moderate, 10 high)
    
    ![CleanShot 2025-02-21 at 12 06
    39](https://github.com/user-attachments/assets/02abda17-8aee-46e3-b808-764672a18475)
    
    <!-- Please describe the behavior or changes that are being added by
    this PR. -->
    
    > 9 moderate severity vulnerabilities
    
    ![CleanShot 2025-02-21 at 12 12
    49](https://github.com/user-attachments/assets/10d593d8-9de5-478e-8cde-b5fb81762706)
    
    **Important note**: the remaining reported 'moderate' vulnerabilities
    for `@octokit/request` and `@octokit/plugin-paginate-rest` for
    GHSA-h5c3-5r3r-rr8q and
    GHSA-rmvr-2pp2-xj38 are actually mitigated
    already; npm audit isn't taking the minor versions properly into account
    as:
    
    - @octokit/plugin-paginate-rest is patched in `9.2.2` (applied)
    - @octokit/request is patched in `8.4.1` (applied)
    
    This is a reporting issue: npm/cli#8125
    
    **Important note**: this PR reduces updates (reduces :() test coverage
    due to the same challenges discovered in
    #413 (comment)
    
    - [x] Tests for the changes have been added (for bug fixes / features)
    - [ ] Docs have been reviewed and added / updated if needed (for bug
    fixes / features)
    
    <!-- If this introduces a breaking change make sure to note it here and
    what the impact might be -->
    
    Please see our docs on [breaking
    changes](https://github.com/octokit/.github/blob/master/community/breaking_changes.md)
    to help!
    
    - [ ] Yes
    - [x] No
    
    ----
    
    ---------
    
    Co-authored-by: wolfy1339 <webmaster@wolfy1339.com>
    benpbolton and wolfy1339 committed Feb 26, 2025
    711f2ee
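
Added example, not part of the commit or the Octokit project: a Node.js check that reads resolved versions from a lockfile's `packages` map and compares them with the two patched versions named in the commit message, independent of what `npm audit` reports. The sample lockfile and the `legacy-tool` package are constructed, and the comparison is limited to the same major line because the page gives no patched versions for other majors.

```javascript
// Patched versions as stated in the commit message above.
const PATCHED = {
  "@octokit/plugin-paginate-rest": "9.2.2",
  "@octokit/request": "8.4.1",
};

// Parse "MAJOR.MINOR.PATCH"; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns "patched", "vulnerable", or "unknown" (different major line).
function classify(installed, patched) {
  const [a, b] = [parseVersion(installed), parseVersion(patched)];
  if (a[0] !== b[0]) return "unknown";
  for (let i = 1; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i] ? "patched" : "vulnerable";
  }
  return "patched";
}

// Walk a lockfileVersion 2/3 "packages" map, including nested copies.
function checkLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (Object.hasOwn(PATCHED, name) && entry.version) {
      findings.push({ path, version: entry.version,
        status: classify(entry.version, PATCHED[name]) });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from the repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/@octokit/request": { version: "8.4.1" },
    "node_modules/@octokit/plugin-paginate-rest": { version: "9.2.2" },
    "node_modules/legacy-tool/node_modules/@octokit/request": { version: "8.1.6" },
  },
};

for (const f of checkLockfile(sampleLock)) console.log(f.status, f.version, f.path);
```

Nested copies under another package's `node_modules` are reported separately, since a patched top-level install does not update them.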