Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump async from 3.2.1 to 3.2.4 #261

Merged
merged 1 commit into from Dec 22, 2022
Merged

Bump async from 3.2.1 to 3.2.4 #261

merged 1 commit into from Dec 22, 2022

Conversation

nkurihar
Copy link
Contributor

Fix the following vulnerability issue.

% npm audit               
# npm audit report

async  3.0.0 - 3.2.1
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/grunt-legacy-util/node_modules/async

1 high severity vulnerability

To address all issues, run:
  npm audit fix

@BewareMyPower BewareMyPower merged commit 4f1c220 into apache:master Dec 22, 2022
RobertIndie pushed a commit that referenced this pull request Dec 23, 2022
@nkurihar @RobertIndie
Bump async from 3.2.1 to 3.2.4 (#261)
0ce9cd0
@RobertIndie RobertIndie added this to the 1.8.0 milestone Dec 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BewareMyPower BewareMyPower BewareMyPower approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nkurihar @BewareMyPower @RobertIndie