fix: use patched versions of vulnurable packages #489

snqb · 2023-08-10T15:15:48Z

We've had some vulnurable packages in our deps chain,
Just fixed those by running pnpm audit --fix
Thanks to the dependabot and security tab for finding those
https://github.com/logicalclocks/quartz/security/dependabot

ehsan-github · 2023-08-10T15:40:32Z

package.json

+      "axios@<0.21.1": ">=0.21.1",
+      "follow-redirects@<1.14.7": ">=1.14.7",
+      "axios@<0.21.2": ">=0.21.2",


Isn't "axios@<0.21.2": ">=0.21.2" sufficient?
as it overrides "axios@<0.21.1": ">=0.21.1"

## [3.6.1](v3.6.0...v3.6.1) (2023-08-30) ### Bug Fixes * **audit:** use patched versions of vulnerable packages ([#489](#489)) ([94a5eb9](94a5eb9))

ehsan-github · 2023-08-30T12:23:34Z

🎉 This PR is included in version 3.6.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

fix: use patched versions of vulnurable packages

6ebe0fb

ehsan-github reviewed Aug 10, 2023

View reviewed changes

ehsan-github merged commit 94a5eb9 into dev Aug 30, 2023

ehsan-github deleted the fix/vulnurable-packages-update branch August 30, 2023 12:22

ehsan-github pushed a commit that referenced this pull request Aug 30, 2023

chore(release): 3.6.1 [skip ci]

e519938

## [3.6.1](v3.6.0...v3.6.1) (2023-08-30) ### Bug Fixes * **audit:** use patched versions of vulnerable packages ([#489](#489)) ([94a5eb9](94a5eb9))

ehsan-github added the released label Aug 30, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: use patched versions of vulnurable packages #489

fix: use patched versions of vulnurable packages #489

snqb commented Aug 10, 2023

ehsan-github Aug 10, 2023

ehsan-github commented Aug 30, 2023

fix: use patched versions of vulnurable packages #489

fix: use patched versions of vulnurable packages #489

Conversation

snqb commented Aug 10, 2023

ehsan-github Aug 10, 2023

Choose a reason for hiding this comment

ehsan-github commented Aug 30, 2023