Github-Actionsbot

**Name of the Vulnerable Software and Affected Versions** Hawk versions prior to 9.0.1 **Description** Hawk is an HTTP authentication scheme that provides mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response. It was found to be vulnerable to a regular expression DoS attack due to the use of a regular expression to parse the `Host` HTTP header in the `Hawk.utils.parseHost()` function. This vulnerability allows an attacker to increase the computation time exponentially with each added character in the input. The `parseHost()` function was patched in version 9.0.1 to use the built-in `URL` class to parse the hostname instead. The `Hawk.authenticate()` function accepts an `options` argument, and if it contains `host` and `port`, those will be used instead of a call to `utils.parseHost()`. **Recommendations** For versions prior to 9.0.1, update to version 9.0.1 or later to fix the vulnerability. As a temporary workaround, consider passing `host` and `port` in the `options` argument to `Hawk.authenticate()` to avoid the use of `utils.parseHost()`.

Name of the Vulnerable Software and Affected Versions: Request versions 2.2.6 through 2.46.9 Request versions 2.51.0 through 2.67.0 Description: The issue affects the Request library when a multipart request is made and the body type is a number. In such cases, a buffer of the specified size is allocated and sent to the remote server as the body, potentially disclosing local system memory to remote systems. Recommendations: For Request versions 2.2.6 through 2.46.9, update to version 2.68.0 or later. For Request versions 2.51.0 through 2.67.0, update to version 2.68.0 or later.