[Security] Bump ini from 1.3.5 to 1.3.8 #801

dependabot-preview · 2020-12-14T06:36:51Z

Bumps ini from 1.3.5 to 1.3.8. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Prototype Pollution

Overview

The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability.

If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Patches

This has been patched in 1.3.6

Steps to reproduce

payload.ini
[__proto__]
polluted = "polluted"
poc.js:
var fs = require('fs')
</tr></table> ... (truncated)
Affected versions: < 1.3.6

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. **This update includes a security fix.** - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * Feature/1468 bulk quotes endpoints (#761) * version change * Added FSPIOP_CALLBACK_URL_BULK_QUOTES endpoint to seeds and updated population scripts and created one for local legacy simulator updated dependencies * updated dependencies to resolve audit issues * Feature/#1375: GET bulk transfer implementation (#760) * Add bulk get topic and handler * Implement GET bulk transfer logic * Restore default config * Add unit tests * Bump version * More bug fixes * Fix unit test * ensure error code is returned as string and not number for bulk get * Add bulk get to handlers list for cli startup (#765) * Reset package-lock.json to fix bug with version update for AJV (#766) * SemVar fix (#767) * Fix error callback for bulk transfers REJECTED scenario (#768) * Correct FSPIOP API version for admin API (#769) * #1547: Ignore "RESERVED" transferState from v1.0 clients on fulfill callback (#770) * Ignore RESERVE transferState from v1.0 clients on fulfil callback * Update package.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Bump version to v111.1.2 to fix broken release (#771) * #1547: Fail transfer fulfill with "RESERVED" state and v1.0 content-type (#773) * Update dependencies * Bump version * Fix integration tests * #1547: Update dependencies (central-object-store etc.) (#774) * Update dependencies * Bump version * fix: package.json & package-lock.json to reduce vulnerabilities (#775) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103 * Fix bug in volumes of temp_curl service (#778) * Feature/#1615 content headers (#782) * updated shared lib version to support configurable api resource versions and updated timeout handler to use same resource versions * updated dependencies Co-authored-by: Valentin <valentin.genev@modusbox.com> * Fix error callback for expired transfers (#785) * Add unit tests for timeout callback fix (#786) * Bugfix/1710 1709 headers invalid case (#787) * updated dependencies for events and trace * forgot to run npm install * version change * Updated to newest shared library to cater for lowercase default headers for switch requests * updated dependencies for helm release (#789) * updated dependencies for events and trace * forgot to run npm install * version change * updated dependencies * BugFix 1444 - Ignore Dups on Seed insert (#792) * BugFix 1444 - Ignore Dups on Seed insert * bumped up the package.json version * fixed standard version * Update central-services-database and other deps (#793) * Update standard version & fix linting issues (#794) * Fix for mojaloop/project#1877 (#795) Fix for Central-ledger to provide consistent Timeout error code/messages for both timeout-callbacks and get-transfer requests-calbacks. * chore: update license file (#797) * #1885: Update API documentation endpoints (#798) * Update new API documentation endpoints * Resolve audit * Resolve license audit issues * Update plugins test * Add tests for Config * Force update event-stream to 4.0.1 to fix license audit * Refactor API_DOCUMENTATION_ENDPOINTS TO API_DOC_ENDPOINTS_ENABLED * [Security] Bump ini from 1.3.5 to 1.3.8 (#801) Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. **This update includes a security fix.** - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Edited CI to build PISP docker image. (#734) * Edited CI to build PISP docker image. * Addressed comments. * Updated ci to python 3. (#744) * Feature/335 thirdparty callbacks (#748) * Add new endpoint: `THIRDPARTY_CALLBACK_URL_TRX_REQ_POST` * cleanup * skip devDependencies in audit:check * Update pisp/master (#755) * fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * chore(package): update contributors list & deps * chore: audit & deps update Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * chore: add thirdparty endpoints to database seeds (#779) * chore: add thirdparty endpoints to database seeds * chore: update dependencies for vulnerabilities * refactor: change name length to accomodate new endpoints * chore: sync package-lock * chore: remove migrations and shorten endpoint names * chore: fix find and replace error * chore: fix spelling * feat: add patch thirdparty request seed (#783) * chore: add generate challenge endpoints (#790) * chore: add generate challenge endpoints * chore: fix description * chore: add get transaction request seed (#791) * chore: fix config * Updated ci to python 3. (#744) * Feature/335 thirdparty callbacks (#748) * Add new endpoint: `THIRDPARTY_CALLBACK_URL_TRX_REQ_POST` * cleanup * skip devDependencies in audit:check * Update pisp/master (#755) * fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * chore(package): update contributors list & deps * chore: audit & deps update Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * refactor: update pisp/master (#781) * fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * Feature/1468 bulk quotes endpoints (#761) * version change * Added FSPIOP_CALLBACK_URL_BULK_QUOTES endpoint to seeds and updated population scripts and created one for local legacy simulator updated dependencies * updated dependencies to resolve audit issues * Feature/#1375: GET bulk transfer implementation (#760) * Add bulk get topic and handler * Implement GET bulk transfer logic * Restore default config * Add unit tests * Bump version * More bug fixes * Fix unit test * ensure error code is returned as string and not number for bulk get * Add bulk get to handlers list for cli startup (#765) * Reset package-lock.json to fix bug with version update for AJV (#766) * SemVar fix (#767) * Fix error callback for bulk transfers REJECTED scenario (#768) * Correct FSPIOP API version for admin API (#769) * #1547: Ignore "RESERVED" transferState from v1.0 clients on fulfill callback (#770) * Ignore RESERVE transferState from v1.0 clients on fulfil callback * Update package.json Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> * Bump version to v111.1.2 to fix broken release (#771) * #1547: Fail transfer fulfill with "RESERVED" state and v1.0 content-type (#773) * Update dependencies * Bump version * Fix integration tests * #1547: Update dependencies (central-object-store etc.) (#774) * Update dependencies * Bump version * fix: package.json & package-lock.json to reduce vulnerabilities (#775) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103 * Fix bug in volumes of temp_curl service (#778) * Edited CI to build PISP docker image. (#734) * Edited CI to build PISP docker image. * Addressed comments. * Updated ci to python 3. (#744) * Update pisp/master (#755) * fix for python error in CI (#733) Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Ensure 'timeout-reserved' notification action passes through and not converted to 'abort' action (#736) * Update CS shared (#737) * Feature/1332 enable on-us transfers (#738) * Added ENABLE_ON_US_TRANSFERS * Bumped up the version * Feature/otc 525 implement get transaction object by transfer (#735) * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id - Post ledger entry Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * OTC-525 Implement GET transaction Object by transferId Bumput up versions * OTC-525 Implement GET transaction Object by transferId Resolved dependency updates * OTC-525 Implement GET transaction Object by transferId * OTC-525 Implement GET transaction Object by transferId Changes: Updated swagger def to include new endpoints for: - Get transaction by transfer id Added new method for: - Get transaction by transfer id Added unit tests for Get transaction by transfer id * changed docker dependency in circle CI image scan from python-dev to python3-dev (#741) * Updated python in some other places in circle CI (#742) * Fix the image scan step in circle CI * Resolved audit checks * Feature/#1335 aborted on put (#740) * added error log if action REJECT comes into fulfil handler Co-authored-by: Valentin <valentin.genev@modusbox.com> * Bugfix/deadlock on adjust limits (#745) * added unique index on participantLimit and logging * added unique index on participantLimit and logging * resolve audit issues * fixed coverage tests Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> * Updated dependencies and product version for issue: mojaloop/project#1378 (#747) * Update error message (#749) * Update error message when Payer FSP and Payee FSP are the same and on-us is not enabled.. (Added text "FSP" to specify) * Updated unit test * #1423: Bulk transfers error processing in Central Ledger (#743) * Updates for bulk error processing * Bump version * Updates for bulk transfer error processing * Updates for bulk transfer error processing * More updates for bulk error processing * changes to cater for bulk_abort * updated central-services-shared * Updates for bulk error processing * Add unit test for BULK_ABORT branch in transfer fulfil handler * Add unit test for BULK_ABORT branch in transfer facade * Small fix for position handler test for BULK_ABORT branch Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * Bump version for release (#750) * Feature/#1334 patch request notif (#751) * added handling of request for notification by payee functionality * improved coverage and added missing action letter Co-authored-by: Valentin <valentin.genev@modusbox.com> * chore(package): update contributors list & deps * chore: audit & deps update Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> * chore: add thirdparty endpoints to database seeds (#779) * chore: add thirdparty endpoints to database seeds * chore: update dependencies for vulnerabilities * refactor: change name length to accomodate new endpoints * chore: sync package-lock * chore: remove migrations and shorten endpoint names * chore: fix find and replace error * chore: fix spelling * chore: update packages * chore: sync package-lock Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: Snyk bot <github+bot@snyk.io> Co-authored-by: Ali Behnamfard <abehnamfard@users.noreply.github.com> Co-authored-by: eoln <2881004+eoln@users.noreply.github.com> * feat: add patch thirdparty request seed (#783) * chore: fix rebase errors and audit check Co-authored-by: shashi165 <33355509+shashi165@users.noreply.github.com> Co-authored-by: Shashi <shashikant.hirugade@modusbox.com> Co-authored-by: Steven Oderayi <oderayi@gmail.com> Co-authored-by: vijayg10 <33152110+vijayg10@users.noreply.github.com> Co-authored-by: lazolalucas <lazolalucas@users.noreply.github.com> Co-authored-by: Valentin Genev <vgenev@gmail.com> Co-authored-by: Valentin <valentin.genev@modusbox.com> Co-authored-by: Adrian Enns <ennsak@gmail.com> Co-authored-by: Sam <10507686+elnyry-sam-k@users.noreply.github.com> Co-authored-by: Rajiv Mothilal <rajivmothilal@gmail.com> Co-authored-by: Snyk bot <github+bot@snyk.io> Co-authored-by: Ali Behnamfard <abehnamfard@users.noreply.github.com> Co-authored-by: Miguel de Barros <miguel@debarros.me> Co-authored-by: Lewis Daly <lewis@vesselstech.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: eoln <2881004+eoln@users.noreply.github.com>

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. **This update includes a security fix.** - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

dependabot-preview bot added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Dec 14, 2020

dependabot-preview bot mentioned this pull request Dec 14, 2020

[Security] Bump ini from 1.3.5 to 1.3.7 #799

Closed

lewisdaly approved these changes Dec 15, 2020

View reviewed changes

lewisdaly merged commit ab96ea1 into master Dec 15, 2020

dependabot-preview bot deleted the dependabot/npm_and_yarn/ini-1.3.8 branch December 15, 2020 01:32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Bump ini from 1.3.5 to 1.3.8 #801

[Security] Bump ini from 1.3.5 to 1.3.8 #801

dependabot-preview bot commented Dec 14, 2020

[Security] Bump ini from 1.3.5 to 1.3.8 #801

[Security] Bump ini from 1.3.5 to 1.3.8 #801

Conversation

dependabot-preview bot commented Dec 14, 2020

Overview

Patches

Steps to reproduce