Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): CVE-2021-23337 in inquirer->lodash #303

Merged
merged 1 commit into from
May 14, 2021
Merged

chore(deps): CVE-2021-23337 in inquirer->lodash #303

merged 1 commit into from
May 14, 2021

Conversation

greyscaled
Copy link
Contributor

@greyscaled greyscaled commented May 12, 2021
edited

Resolves: #302

What: Bump minimum version of inquirer within 7 from 7.0.4 to 7.3.3

Why: Address CVE-2021-23337 in inquirer->lodash

How: yarn upgrade inquirer@^7.3.3

Checklist:

@greyscaled
Copy link
Contributor Author

@all-contributors please thank @vapurrmaid for reporting and fixing a security bug

@allcontributors
Copy link
Contributor

@vapurrmaid

I could not determine your intention.

Basic usage: @all-contributors please add @Someone for code, doc and infra

For other usages see the documentation

@greyscaled
Copy link
Contributor Author

@all-contributors please thank @vapurrmaid for bug, security

@allcontributors
Copy link
Contributor

@vapurrmaid

I could not determine your intention.

Basic usage: @all-contributors please add @Someone for code, doc and infra

For other usages see the documentation

@greyscaled
Copy link
Contributor Author

@all-contributors please add @vapurrmaid for reporting and fixing a security bug

@allcontributors allcontributors bot mentioned this pull request May 12, 2021
Merged
@allcontributors
Copy link
Contributor

@vapurrmaid

I've put up a pull request to add @vapurrmaid! 🎉

@greyscaled greyscaled changed the title security: Fix CVE-2021-23337 in inquirer->lodash chore(deps): CVE-2021-23337 in inquirer->lodash May 12, 2021
Berkmann18
Berkmann18 approved these changes May 14, 2021
View reviewed changes
Copy link
Member

@Berkmann18 Berkmann18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this.

@Berkmann18 Berkmann18 merged commit 4be9bff into all-contributors:master May 14, 2021
@all-contributors-release-bot
Copy link
Member

🎉 This PR is included in version 6.20.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

tenshiAMD added a commit that referenced this pull request Sep 13, 2022
@tenshiAMD
Merge remote-tracking branch 'origin/master' into feat/style-table
6744c99 
* origin/master: (85 commits)
  refactor: log full error stack on error (#316)
  chore: fix status badges (#315)
  docs: add JoshuaKGoldberg as a contributor for bug (#314)
  fix: incorrect usage of `tbody` (#311)
  fix: trim `nextLink` before slicing (#309)
  fix: set default value as `7` for `contributorsPerLine` (#139)
  chore(deps): bump dependencies and devDeps (#298)
  refactor: add tbody to contributors table (#307)
  docs: add Lucas-C as a contributor for doc (#306)
  fix: scriptName + improving usage messages (#305)
  docs: add vapurrmaid as a contributor (#304)
  chore(deps): CVE-2021-23337 in inquirer->lodash (#303)
  docs: add SirWindfield as a contributor (#297)
  feat: add namespaced token (#296)
  docs: add LaChapeliere as a contributor (#292)
  feat(contribution-types): add research contribution type (#291)
  docs: add darekkay as a contributor (#290)
  feat: display a meaningful error when the config file is missing (#288)
  docs: add melink14 as a contributor (#285)
  docs: add jdalrymple as a contributor (#264)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Berkmann18 Berkmann18 Berkmann18 approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2021-23337 in transitive dependency lodash
3 participants
@greyscaled @all-contributors-release-bot @Berkmann18