Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VSCode: Security vulnerabilities found in dependent libraries fixed. #5207

Merged
merged 1 commit into from
Jan 5, 2023
Merged

VSCode: Security vulnerabilities found in dependent libraries fixed. #5207

merged 1 commit into from
Jan 5, 2023

Conversation

dbalek
Copy link
Contributor

@dbalek dbalek commented Jan 5, 2023

Fixing security vulnerabilities reported for dependent libraries:

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
  mocha  5.1.0 - 9.2.1
  Depends on vulnerable versions of minimatch

@dbalek dbalek added LSP [ci] enable Language Server Protocol tests VSCode Extension [ci] enable VSCode Extension tests labels Jan 5, 2023
@dbalek dbalek added this to the NB17 milestone Jan 5, 2023
@dbalek dbalek merged commit f93a3a1 into apache:master Jan 5, 2023
@dbalek dbalek deleted the dbalek/vscode-security-vulnerability branch January 5, 2023 11:04
@MartinBalin MartinBalin mentioned this pull request Jan 5, 2023
Merged
pepness pushed a commit to pepness/incubator-netbeans that referenced this pull request Jan 9, 2023
@dbalek @pepness
VSCode: Security vulnerabilities found in dependent libraries fixed. (a…
79aa1f7 
…pache#5207)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MartinBalin MartinBalin MartinBalin approved these changes

Assignees
No one assigned
Labels
LSP [ci] enable Language Server Protocol tests VSCode Extension [ci] enable VSCode Extension tests
Projects
None yet
Milestone
NB17
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dbalek @MartinBalin