Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade dependencies #3655

Merged
merged 14 commits into from
May 20, 2021
Merged

Upgrade dependencies #3655

merged 14 commits into from
May 20, 2021

Conversation

jo-arroyo
Copy link
Collaborator

@jo-arroyo jo-arroyo commented May 18, 2021
edited
Loading

This PR:

  • Upgrades y18n to fix prototype pollution vulnerability in msal-browser and msal-react. Addresses CVE-2020-7774.
  • Upgrades ssri to fix Regular Expression Denial of Service for msal-browser
  • Upgrades ini to fix prototype pollution for msal-angular
  • Upgrades chai in msal-core to fix pathval vulnerability. Addresses CVE-2020-7751.
  • Regenerates package-lock.json to remove chai and pathval

@jo-arroyo jo-arroyo changed the title [msal-browser] Update y18n dependency Upgrade y18n dependency May 18, 2021
@github-actions github-actions bot added the msal-browser Related to msal-browser package label May 18, 2021
@coveralls
Copy link

coveralls commented May 18, 2021
edited
Loading

Coverage Status

Coverage decreased (-4.7%) to 80.946% when pulling 3f74f3b on update-y18n into 04b6bd4 on dev.

@github-actions github-actions bot added the msal-react Related to @azure/msal-react label May 18, 2021
@github-actions github-actions bot added the msal-angular Related to @azure/msal-angular package label May 18, 2021
@jo-arroyo jo-arroyo changed the title Upgrade y18n dependency Upgrade dependencies May 19, 2021
@jo-arroyo jo-arroyo marked this pull request as ready for review May 19, 2021 23:48
@github-actions github-actions bot removed the msal-browser Related to msal-browser package label May 19, 2021
@github-actions github-actions bot added the msal-browser Related to msal-browser package label May 20, 2021
@github-actions github-actions bot added msal-common Related to msal-common package msal-node Related to msal-node package msal@1.x Related to msal@1.x (implicit flow) labels May 20, 2021
@jasonnutter jasonnutter merged commit 0b9f138 into dev May 20, 2021
@jasonnutter jasonnutter deleted the update-y18n branch May 20, 2021 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnorling tnorling tnorling approved these changes

@pkanher617 pkanher617 pkanher617 approved these changes

@jasonnutter jasonnutter Awaiting requested review from jasonnutter

@hectormmg hectormmg Awaiting requested review from hectormmg hectormmg is a code owner

@sameerag sameerag Awaiting requested review from sameerag sameerag is a code owner

@samuelkubai samuelkubai Awaiting requested review from samuelkubai

Assignees
No one assigned
Labels
msal@1.x Related to msal@1.x (implicit flow) msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package msal-common Related to msal-common package msal-node Related to msal-node package msal-react Related to @azure/msal-react
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jo-arroyo @coveralls @tnorling @pkanher617 @jasonnutter