This repository has been archived by the owner on Jul 24, 2019. It is now read-only.

Dependencies: change tilde to caret #746

Merged
merged 1 commit into from
Nov 2, 2017


@avindra avindra commented Oct 3, 2017

Most immediately, this will fix #745 and will obviate the need for constant fixes like

- #742
- #679
- #732
- #698
- #653

Particularly, this will be helpful from a maintenance perspective, as these dependencies will likely have multiple security patches in the future.

This change will also allow npm / yarn to better dedupe dependencies.


avindra commented Oct 31, 2017

@jfuchs @nicks

A critical security fix has just been released for extract-zip:

max-mapper/extract-zip@v1.6.5...v1.6.6

If you accept this PR, then people installing phantomJS will automatically get the fix as a dependency.

🙏 Please do this so that the people still actually using this project aren't bitten for it.


avindra commented Oct 31, 2017

I just pushed a commit to make sure package.json is bumped up in the PATCH section of the semver tag.

All we would need after merging is a publish to npm 🙏

@jfuchs jfuchs merged commit 0cc1407 into Medium:master Nov 2, 2017
@avindra avindra deleted the patch-1 branch November 2, 2017 19:03

jfuchs commented Nov 2, 2017

should be published now!


JBlackCat commented Nov 3, 2017

@jfuchs See #753

Successfully merging this pull request may close these issues.

Vulnerability in sub-dependency, "debug"