-
Notifications
You must be signed in to change notification settings - Fork 620
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump 'async' from v2.4.2 to v3.2.2 to fix a prototype pollution exploit #802
Conversation
Hi @fadi-quader-mox! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
@robhogan has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
Thanks :) |
…it (#802) Summary: ## Summary The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
## Summary
The PR is essentially to update async to version 3.2.2 to fix t a prototype pollution exploit found in versions <
3.2.2
. The vulnerability was discovered by Snyk has discovered an exploit in and labelled as High Severity.