Fix #16629, upgrade tree-kill to 1.2.2 to fix security issue #16651

Closed

paulvandenburg commented Jan 13, 2020

No description provided.

googlebot commented Jan 13, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

@googlebot googlebot added the cla: no label Jan 13, 2020

paulvandenburg commented Jan 13, 2020

@googlebot I signed it!

googlebot commented Jan 13, 2020

CLAs look good, thanks!

@googlebot googlebot added cla: yes and removed cla: no labels Jan 13, 2020
This fixes the security vulnerability in tree-kill versions 1.2.1 and below.
A possible Command Injection on Windows-based systems.
See the npm advisory: https://www.npmjs.com/advisories/1432

Fixes #16629

alan-agius4 commented Jan 13, 2020

Thanks for your contribution. However, this has already been addressed in #16639, #16634 and #16636.

@paulvandenburg paulvandenburg deleted the paulvandenburg:sec-update-tree-kill branch Jan 13, 2020
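
To confirm that a project no longer resolves a tree-kill release in the range the commit message names (1.2.1 and below), the lockfile can be checked directly, including copies nested under other dependencies. This is an added example, not code from this pull request or from Angular CLI; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: report tree-kill entries older than 1.2.2 in a package-lock.json.
const FIXED = [1, 2, 2]; // first fixed tree-kill release, per the PR title

// Compare "x.y.z" against FIXED; pre-release/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) return null; // not plain x.y.z (git/file URL)
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false;
}

function findOldTreeKill(lock) {
  const hits = [];
  const record = (where, version) => {
    const below = isBelowFixed(version);
    if (below !== false) hits.push({ where, version, unparsed: below === null });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/tree-kill' || path.endsWith('/node_modules/tree-kill')) {
        record(path, meta.version);
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        if (name === 'tree-kill') record(where, meta.version);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (v1 layout), not taken from the project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'tree-kill': { version: '1.2.2' },
    'example-tool': { version: '3.0.0', dependencies: { 'tree-kill': { version: '1.2.1' } } },
  },
};
console.log(findOldTreeKill(sampleLock));
```

Entries whose version is not a plain `x.y.z` string are reported with `unparsed: true` so they get a manual look instead of being silently passed.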