-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency update for jest-reporters, addressing CVE-2022-25883 #14401
Conversation
✅ Deploy Preview for jestjs ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
9a2831e
to
6da7366
Compare
The fixed That said, happy to upgrade to the new major here regardless. Could you run |
7bbe8ce
to
ddf8a7f
Compare
@SimenB I've added Changelog message and signed the EasyCLA (10 times now), but it doesn't seem to update. Then there seems to be a timeout test error https://github.com/jestjs/jest/actions/runs/5822710774/job/15788003352?pr=14401#step:7:121 |
- istanbul-lib-instrument updated from 5.10.0 to 6.0.0 - istanbul-lib-instrument dropping support for node 10 - fixing semver vuln. CVE-2022-25883
fe92f35
to
94c1216
Compare
@SimenB I've squashed changes. CLA is sloved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Summary
Addressing https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 for semver coming in fromistanbul-lib-instrument@^5.1.0 and below.
See: istanbuljs/istanbuljs#731
Test plan
Green CI.