chore(deps): update bfra-me/renovate-action action to v2.1.17 by bfra-me[bot] · Pull Request #52 · bfra-me/.github · GitHub
Skip to content

chore(deps): update bfra-me/renovate-action action to v2.1.17#52

Merged
bfra-me[bot] merged 1 commit into
mainfrom
renovate/patch-github-actions
Sep 26, 2023
Merged

chore(deps): update bfra-me/renovate-action action to v2.1.17#52
bfra-me[bot] merged 1 commit into
mainfrom
renovate/patch-github-actions

Conversation

@bfra-me

@bfra-me bfra-me Bot commented Sep 26, 2023

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
bfra-me/renovate-action action patch v2.1.16 -> v2.1.17

Release Notes

bfra-me/renovate-action (bfra-me/renovate-action)

v2.1.17

Compare Source

Miscellaneous Chores
  • deps: update bfra-me/renovate-action action to v2.1.16 (#​57) (e2b228a)
Build System
  • deps: update ghcr.io/renovatebot/renovate Docker tag to v36.108.0 (#​58) (0fe94be)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@bfra-me bfra-me Bot added automerge dependencies Dependency updates or security alerts labels Sep 26, 2023
@bfra-me bfra-me Bot enabled auto-merge (squash) September 26, 2023 20:16
@bfra-me bfra-me Bot merged commit 187d28a into main Sep 26, 2023
@bfra-me bfra-me Bot deleted the renovate/patch-github-actions branch September 26, 2023 20:16
fro-bot added a commit that referenced this pull request Jun 25, 2026
Force esbuild >=0.28.1 via pnpm-workspace.yaml overrides to fix:
- GHSA-#52: HIGH severity - Missing binary integrity verification in Deno module
- GHSA-#51: LOW severity - Arbitrary file read on Windows development server

Vulnerable range: >=0.17.0 <0.28.1
Patched range: >=0.28.1

Updates lockfile to resolve both transitive esbuild paths:
- .>tsx>esbuild (0.28.0 -> 0.28.1)
- .github__actions__renovate-changesets>tsup>esbuild (0.27.7 -> 0.28.1)

Fixes: #1959 (security section)
marcusrbrown pushed a commit that referenced this pull request Jun 25, 2026
Force esbuild >=0.28.1 via pnpm-workspace.yaml overrides to fix:
- GHSA-#52: HIGH severity - Missing binary integrity verification in Deno module
- GHSA-#51: LOW severity - Arbitrary file read on Windows development server

Vulnerable range: >=0.17.0 <0.28.1
Patched range: >=0.28.1

Updates lockfile to resolve both transitive esbuild paths:
- .>tsx>esbuild (0.28.0 -> 0.28.1)
- .github__actions__renovate-changesets>tsup>esbuild (0.27.7 -> 0.28.1)

Fixes: #1959 (security section)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates or security alerts

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants