
Added osv-scanner.toml file to ignore npm packages in vuln scans. #2593

Merged (1 commit) on Mar 11, 2025

Conversation

aunovis-heidrich
Contributor

Closes #2592.

@seanmonstar
Owner

I've been wondering, would it be worth it to run an npm update in here to clear out some too? Or doesn't really make things any better?

@aunovis-heidrich
Contributor Author

It doesn't really change much. If I remember correctly this removes round about 5 vulnerabilities (tried it last week). To really clear them out most dependencies would need to be bumped to a new major version, I suspect. But I'm really not the right person to do that in npm. :)

@seanmonstar seanmonstar merged commit e83e138 into seanmonstar:master Mar 11, 2025
35 of 36 checks passed
kodiakhq bot pushed a commit to pdylanross/fatigue that referenced this pull request Mar 12, 2025
Bumps reqwest from 0.12.12 to 0.12.13.

Release notes
Sourced from reqwest's releases.

v0.12.13
What's Changed

Add Form::into_reader() for blocking multipart forms.
Add Form::into_stream() for async multipart forms.
Add support for SOCKS4a proxies.
Fix decoding responses with multiple zstd frames.
Fix RequestBuilder::form() from overwriting a previously set Content-Type header, like the other builder methods.
Fix cloning of request timeout in blocking::Request.
Fix http3 synchronization of connection creation, reducing unnecessary extra connections.
Fix Windows system proxy to use ProxyOverride as a NO_PROXY value.
Fix blocking read to correctly reserve and zero read buffer.
(wasm) Add support for request timeouts.
(wasm) Fix Error::is_timeout() to return true when from a request timeout.

New Contributors

@obi1kenobi made their first contribution in seanmonstar/reqwest#2524
@decathorpe made their first contribution in seanmonstar/reqwest#2529
@flisky made their first contribution in seanmonstar/reqwest#1760
@0x676e67 made their first contribution in seanmonstar/reqwest#2527
@maximevtush made their first contribution in seanmonstar/reqwest#2534
@Property404 made their first contribution in seanmonstar/reqwest#2554
@G1gg1L3s made their first contribution in seanmonstar/reqwest#2544
@coastalwhite made their first contribution in seanmonstar/reqwest#2562
@Fizcko made their first contribution in seanmonstar/reqwest#2559
@markussilvan made their first contribution in seanmonstar/reqwest#2573
@aunovis-heidrich made their first contribution in seanmonstar/reqwest#2593

Thanks!

@seanmonstar
@paolobarbolini
@Nuhvi
@Andrey36652

Full Changelog: seanmonstar/reqwest@v0.12.12...v0.12.13

Commits

e44e371 v0.12.13
e83e138 Added osv-scanner.toml file to ignore npm packages in wasm examples during vu...
7e85d2f ci: pin once-cell in msrv job (#2594)
c4a9fb0 test HTTP connection reuse with new zstd fix (#2587)
6f9d0ee fix: support HTTP responses containing multiple ZSTD frames (#2583)
44ac897 perf(decoder): compile-time validation of decoder header value (#2580)
0bcba46 chore: remove empty wasm shell function (#2573)
00b15b9 fix using Windows ProxyOverride registry value as a NO_PROXY (#2559)
0cf27a9 chore: Update js-sys from 0.3.45 -> 0.3.77 (#2562)
e4ca07e ci: pin native-tls in msrv job (#2563)
Successfully merging this pull request may close these issues.

Add an osv-scanner.toml file to ignore false positive vulnerabilities