Skip to content
This repository has been archived by the owner on Mar 25, 2021. It is now read-only.

Upgrade diff to 4.0.1 #4852

Merged
merged 2 commits into from
Sep 9, 2019
Merged

Upgrade diff to 4.0.1 #4852

merged 2 commits into from
Sep 9, 2019

Conversation

akshayas
Copy link
Contributor

@akshayas akshayas commented Sep 9, 2019

PR checklist

  • Addresses an existing issue: fixes #0000
  • New feature, bugfix, or enhancement
    • Includes tests
  • Documentation update

Overview of change:

Github/dependabot reported a high severity bug with jsdiff. The exact wording is

WS-2018-0590 More information
high severity
Vulnerable versions: < 3.5.0
Patched version: 3.5.0
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

This diff bumps up the version to the latest available jsdiff 4.0.1.

Is there anything you'd like reviewers to focus on?

No

CHANGELOG.md entry:

N/A

@palantirtech
Copy link
Member

Thanks for your interest in palantir/tslint, @akshayas! Before we can accept your pull request, you need to sign our contributor license agreement - just visit https://cla.palantir.com/ and follow the instructions. Once you sign, I'll automatically update this pull request.

@adidahiya
Copy link
Contributor

thanks @akshayas

@adidahiya adidahiya merged commit 7659cd9 into palantir:master Sep 9, 2019
@akshayas akshayas deleted the asrivatsa_upgrade_diff branch September 10, 2019 00:01
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants