Branch: refs/heads/master
Home: https://github.com/jenkins-infra/jenkins.io
Commit: c579cb69cf34ccc1770988e989bdb16510544d32
https://github.com/jenkins-infra/jenkins.io/commit/c579cb69cf34ccc1770988e989bdb16510544d32
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M package-lock.json
M package.json
Log Message:
-----------
Fix npm security warnings with `npm audit fix`
The GitHub security warnings system alerted that there are security
issues in the components used to create the jenkins.io static site.
It recommended that we run `npm audit fix` to update to versions with
fixes. The update process resolved 11 of 12 warnings.
I have no indications that any of these security warnings affect the
jenkins.io static site. However, it is much easier to update to current
versions than to prove that the site is not affected.
Security warnings are:
- lodash - CVE-2019-10744, CVE-2019-1010266, CVE-2018-16487, CVE-2018-3721
* Vulnerable versions: < 4.17.12
* Patched version: 4.17.12
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying
properties of Object.prototype using a constructor payload.
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource
Consumption. The impact is: Denial of service. The component is: Date
handler. The attack vector is: Attacker provides very long strings,
which the library attempts to match using a regular expression. The
fixed version is: 4.7.11.
A prototype pollution vulnerability was found in lodash <4.17.11 where
the functions merge, mergeWith, and defaultsDeep can be tricked into
adding or modifying properties of Object.prototype.
lodash node module before 4.17.5 suffers from a Modification of
Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge,
and mergeWith functions, which allows a malicious user to modify the
prototype of "Object" via __proto__, causing the addition or modification
of an existing property that will exist on all objects.
- qs - CVE-2017-1000048
* Vulnerable versions: < 6.0.4
* Patched version: 6.0.4
The web framework using ljharb's qs module older than v6.3.2, v6.2.3,
v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send
an evil request to cause the web framework to crash.
- minimist - CVE-2020-7598
* Vulnerable versions: >= 1.0.0, < 1.2.3
* Patched version: 1.2.3
minimist before 1.2.2 could be tricked into adding or modifying
properties of Object.prototype using a "constructor" or "__proto__" payload.
Commit: e1d0c7b6fea0183b5136f994c0f54cf23f1f51da
https://github.com/jenkins-infra/jenkins.io/commit/e1d0c7b6fea0183b5136f994c0f54cf23f1f51da
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/_data/roadmap/roadmap.yml
Log Message:
-----------
Describe ci.jenkins.io configuration as code
Resolve the TODO
Commit: 5161407285130df8f1d690747444cdb1be8c9443
https://github.com/jenkins-infra/jenkins.io/commit/5161407285130df8f1d690747444cdb1be8c9443
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/_data/roadmap/roadmap.yml
Log Message:
-----------
Fix broken link to OpenJ9 Docker images roadmap ticket
Commit: 1e3ebade4d5e30a0abe5ebded937ca381cf392cd
https://github.com/jenkins-infra/jenkins.io/commit/1e3ebade4d5e30a0abe5ebded937ca381cf392cd
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/projects/gsoc/mentors.adoc
Log Message:
-----------
Fix broken link to 2019 GSoC report
Commit: 612661b29e933a5d9766d65fe2ad5c5b6f33e3e4
https://github.com/jenkins-infra/jenkins.io/commit/612661b29e933a5d9766d65fe2ad5c5b6f33e3e4
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/blog/2019/12/2019-12-14-generic-webhook-trigger-plugin.adoc
Log Message:
-----------
Fix broken link in webhook trigger plugin blog post
Commit: 6a24496ca25e35cb659044cc81d933b27a2328ad
https://github.com/jenkins-infra/jenkins.io/commit/6a24496ca25e35cb659044cc81d933b27a2328ad
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/doc/tutorials/build-a-labview-app.adoc
Log Message:
-----------
Fix broken image in LabView tutorial
Commit: 795856657460b60cbcf7f2b381e3d8927c02862f
https://github.com/jenkins-infra/jenkins.io/commit/795856657460b60cbcf7f2b381e3d8927c02862f
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/participate/test.adoc
Log Message:
-----------
Fix broken link to manual testing page
Commit: 5c64dcfb16f9559d98c219e611b84cf30fdeb136
https://github.com/jenkins-infra/jenkins.io/commit/5c64dcfb16f9559d98c219e611b84cf30fdeb136
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/doc/developer/publishing/artifact-repository.adoc
Log Message:
-----------
Fix broken link in artifact repository page
Commit: fbe77ab3b45030a990cc3c70863f005b6dce1c7d
https://github.com/jenkins-infra/jenkins.io/commit/fbe77ab3b45030a990cc3c70863f005b6dce1c7d
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/projects/gsoc/mentors.adoc
Log Message:
-----------
Fix student eligibility hyperlink
Commit: d3d60182824dcec48bab37e7f3a3824d6686712d
https://github.com/jenkins-infra/jenkins.io/commit/d3d60182824dcec48bab37e7f3a3824d6686712d
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
R content/doc/book/resources/tutorials/labview-15-build-sys-repo-env-var.PNG
A content/doc/book/resources/tutorials/labview-15-build-sys-repo-env-var.png
M content/doc/tutorials/build-a-labview-app.adoc
Log Message:
-----------
Use lower case png file name suffix
Commit: 28a1cebc02aec98e6e1a26248007c489257232aa
https://github.com/jenkins-infra/jenkins.io/commit/28a1cebc02aec98e6e1a26248007c489257232aa
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/doc/tutorials/build-a-labview-app.adoc
Log Message:
-----------
Remove duplicated sentence in LabView tutorial
Commit: 329241be5394471d6158262528360bc93ca5a23d
https://github.com/jenkins-infra/jenkins.io/commit/329241be5394471d6158262528360bc93ca5a23d
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/projects/gsoc/mentors.adoc
Log Message:
-----------
Spelling fix
Commit: 1787ba5432fb1e60afa3459e6a251acf2a20f21d
https://github.com/jenkins-infra/jenkins.io/commit/1787ba5432fb1e60afa3459e6a251acf2a20f21d
Author: Mark Waite <[email protected]>
Date: 2020-05-07 (Thu, 07 May 2020)
Changed paths:
M content/projects/gsoc/mentors.adoc
Log Message:
-----------
Another spelling fix
Commit: 44036d73b49dac6260e1c55f2c4b9bdfd2c485be
https://github.com/jenkins-infra/jenkins.io/commit/44036d73b49dac6260e1c55f2c4b9bdfd2c485be
Author: Oleg Nenashev <[email protected]>
Date: 2020-05-08 (Fri, 08 May 2020)
Changed paths:
M content/_data/roadmap/roadmap.yml
M content/blog/2019/12/2019-12-14-generic-webhook-trigger-plugin.adoc
R content/doc/book/resources/tutorials/labview-15-build-sys-repo-env-var.PNG
A content/doc/book/resources/tutorials/labview-15-build-sys-repo-env-var.png
M content/doc/developer/publishing/artifact-repository.adoc
M content/doc/tutorials/build-a-labview-app.adoc
M content/participate/test.adoc
M content/projects/gsoc/mentors.adoc
M package-lock.json
M package.json
Log Message:
-----------
Merge pull request #3183 from
MarkEWaite/fix-security-warnings-and-broken-links
Fix security warnings and broken links
Compare:
https://github.com/jenkins-infra/jenkins.io/compare/9e2b509cee3f...44036d73b49d