Resolves [High] Security Vulnerability in js-yaml #615

Merged
merged 1 commit into from
May 15, 2019

mattxwang
Contributor

As discussed in #600, js-yaml has a high-level security vulnerability, and cosmiconfig depends on it. In this PR, I bump up the version of cosmiconfig to 5.2.0 (which should introduce no breaking changes), and regenerate the yarn.lock file. Now, running yarn audit no longer yields any high severity security errors (though there is one moderate found in lodash, and many low-level security vulnerabilities as children of jest).

Please let me know if there's anything else I should do!

simply just updates the package.json to bump up cosmiconfig and re-runs yarn

codecov bot commented May 14, 2019

Codecov Report

Merging #615 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #615   +/-   ##
=======================================
  Coverage   98.13%   98.13%           
=======================================
  Files          13       13           
  Lines         376      376           
  Branches       52       52           
=======================================
  Hits          369      369           
  Misses          7        7

Powered by Codecov. Last update cbf0e0e...ef87e2c.

okonet merged commit 315890a into lint-staged:master May 15, 2019
Collaborator

okonet commented May 15, 2019

Thanks!

Collaborator

okonet commented May 15, 2019

🎉 This PR is included in version 8.1.7 🎉

The release is available on:

Your semantic-release bot 📦🚀
