Skip to content

chore(deps): update dependency @casl/ability to v6.7.5 [security]#613

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-casl-ability-vulnerability
Open

chore(deps): update dependency @casl/ability to v6.7.5 [security]#613
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-casl-ability-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Feb 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@casl/ability (source) 6.7.16.7.5 age confidence

CASL Ability is Vulnerable to Prototype Pollution

CVE-2026-1774 / GHSA-x9vf-53q3-cvx6

More information

Details

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

stalniy/casl (@​casl/ability)

v6.7.5: @​casl/ability: v6.7.5

Compare Source

Bug Fixes
  • ignores potentially insecure fields in rulesToFields (#​1093) (39da920)

v6.7.3

Compare Source

v6.7.2

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Feb 11, 2026
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch from e3fcabf to fe97398 Compare March 5, 2026 14:00
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch from fe97398 to 23328d5 Compare March 13, 2026 14:55
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-casl-ability-vulnerability branch March 27, 2026 00:44
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed chore(deps): update dependency @casl/ability to v6.7.5 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch 2 times, most recently from 23328d5 to 51ccada Compare March 30, 2026 18:10
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed chore(deps): update dependency @casl/ability to v6.7.5 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch 3 times, most recently from e843768 to 932f402 Compare May 3, 2026 19:33
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch from 932f402 to d471219 Compare May 9, 2026 16:03
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed Jul 1, 2026
@renovate renovate Bot closed this Jul 1, 2026
@renovate renovate Bot changed the title chore(deps): update dependency @casl/ability to v6.7.5 [security] - autoclosed chore(deps): update dependency @casl/ability to v6.7.5 [security] Jul 1, 2026
@renovate renovate Bot reopened this Jul 1, 2026
@renovate renovate Bot force-pushed the renovate/npm-casl-ability-vulnerability branch 2 times, most recently from d471219 to 2f795be Compare July 1, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants