Skip to content

fix(@angular-devkit/build-angular): update less library to version 3.11.3 #17898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 10, 2020
Merged

fix(@angular-devkit/build-angular): update less library to version 3.11.3 #17898

merged 1 commit into from
Jun 10, 2020

Conversation

vishnutsivan
Copy link

less@3.11.1 has dependency with acorn@6.3.0 which has vulnerability issues

alan-agius4
alan-agius4 requested changes Jun 10, 2020
View reviewed changes
Copy link
Collaborator

@alan-agius4 alan-agius4 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this.

Kindly update the lock file and also re-write the commit message as per our commit guidelines, see: https://github.com/angular/angular-cli/blob/master/CONTRIBUTING.md#-commit-message-guidelines.

@vishnutsivan vishnutsivan mentioned this pull request Jun 10, 2020
Closed
@vishnutsivan vishnutsivan changed the title Update less library to version 3.11.3 build: Update less library to version 3.11.3 Jun 10, 2020
@alan-agius4 alan-agius4 added the action: cleanup The PR is in need of cleanup, either due to needing a rebase or in response to comments from reviews label Jun 10, 2020
@vishnutsivan
Copy link
Author

@alan-agius4 should I make new pull request? and I didnt find lock file for this project

@alan-agius4
Copy link
Collaborator

As you prefer, but you can push with force on this branch with a valid commit messages and the changes.

The commit should be something like

fix(@angular-devkit/build-angular): update less library to version 3.11.3

Closes:  #17899

The lock file is in the root of the repository.

@vishnutsivan vishnutsivan changed the title build: Update less library to version 3.11.3 build: update less library to version 3.11.3 Jun 10, 2020
@vishnutsivan vishnutsivan changed the title build: update less library to version 3.11.3 fix(@angular-devkit/build-angular): update less library to version 3.11.3 Jun 10, 2020
@vishnutsivan
Copy link
Author

vishnutsivan commented Jun 10, 2020
edited
Loading

@alan-agius4 There are some errors for ci/circleci: test-large. Can you help me on solving this?

@alan-agius4
Copy link
Collaborator

@vishnutsivan, let me have a look.

@alan-agius4 alan-agius4 added target: lts This PR is targeting a version currently in long-term support and removed action: cleanup The PR is in need of cleanup, either due to needing a rebase or in response to comments from reviews labels Jun 10, 2020
alan-agius4
alan-agius4 approved these changes Jun 10, 2020
View reviewed changes
Copy link
Collaborator

@alan-agius4 alan-agius4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. thanks.

@alan-agius4 alan-agius4 linked an issue Jun 10, 2020 that may be closed by this pull request
Vulnerability with acorn #17899
Closed
@alan-agius4 alan-agius4 added the action: merge The PR is ready for merge by the caretaker label Jun 10, 2020
@vishnutsivan
Copy link
Author

@alan-agius4 one check is pending for long time
ci/angular: merge status Pending — Missing required status "ci/circleci: integration"

Will it take more time?

@alan-agius4
Copy link
Collaborator

alan-agius4 commented Jun 10, 2020
edited
Loading

@vishnutsivan, don’t worry about that. The step is no available on the v9 branch.

@vishnutsivan
Copy link
Author

@alan-agius4 May I know why its not getting merged?

@alan-agius4
Copy link
Collaborator

Hi there, It will get merged later on by the caretaker when he is merging other PRs.

@filipesilva filipesilva merged commit 23aad0a into angular:9.1.x Jun 10, 2020
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jul 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alan-agius4 alan-agius4 alan-agius4 approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker target: lts This PR is targeting a version currently in long-term support
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability with acorn
4 participants
@vishnutsivan @alan-agius4 @filipesilva @googlebot