Skip to content

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 23, 2025

This PR contains the following updates:

Package Change Age Confidence
codeceptjs (source) 3.7.3 -> 3.7.5 age confidence

GitHub Vulnerability Alerts

CVE-2025-57285

CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.


Release Notes

Codeception/codeceptjs (codeceptjs)

v3.7.5

Compare Source

❤️ Thanks all to those who contributed to make this release! ❤️

v3.7.4

Compare Source

❤️ Thanks all to those who contributed to make this release! ❤️

🛩️ Features

  • Test Suite Shuffling: Randomize test execution order to discover test dependencies and improve test isolation (#​5051) - by @​NivYarmus


Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 23, 2025
@renovate renovate bot requested review from a team as code owners September 23, 2025 23:56
@renovate renovate bot requested review from danielwilsonkainos, jyothi-balla and reespozzi and removed request for a team September 23, 2025 23:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants