New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃悰 Update to rrule 2.6.2 to Fix DoS Vulnerabilities #23063
Conversation
This fixes a [high severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72455). This also fixes a [medium severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72421).
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 馃摑 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g. What to do if you already signed the CLAIndividual signers
Corporate signers
鈩癸笍 Googlers: Go here for more info. |
I signed it! |
CLAs look good, thanks! 鈩癸笍 Googlers: Go here for more info. |
/cc @cvializ |
@@ -28,7 +28,7 @@ | |||
"promise-pjs": "1.1.3", | |||
"prop-types": "15.7.2", | |||
"react-dates": "15.5.3", | |||
"rrule": "2.2.0", | |||
"rrule": "2.6.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs an accompanying change to yarn.lock
. You can generate it by running yarn
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rsimha I tried running yarn
, but it did not work properly in my local environment.
Am I supposed to set up my own Travis CI environment or run the command locally on my computer?
Is there a way someone else can run yarn to modify my PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assigned this to @cvializ
Did the git-fu to add yarn.lock |
I never tried |
Ah sorry I was unclear, I meant I did the git commands to check out your branch, run |
@rsimha PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for sending out this PR, @PatOnTheBack. And thanks for seeing it through, @cvializ!
* Update to rrule 2.6.2 to Fix Vulnerabilities This fixes a [high severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72455). This also fixes a [medium severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72421). * Add yarn.lock * Skip flaky sidebar e2e in shadow-demo
* Update to rrule 2.6.2 to Fix Vulnerabilities This fixes a [high severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72455). This also fixes a [medium severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72421). * Add yarn.lock * Skip flaky sidebar e2e in shadow-demo
This fixes a high severity DoS vulnerability found by Snyk.
This also fixes a medium severity DoS vulnerability found by Snyk.