Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dev-dep): bump verdaccio - dompurify for sec review #2114

Merged
merged 1 commit into from
Mar 8, 2021
Merged

fix(dev-dep): bump verdaccio - dompurify for sec review #2114

merged 1 commit into from
Mar 8, 2021

Conversation

alexforsyth
Copy link
Contributor

@alexforsyth alexforsyth commented Mar 8, 2021
edited
Loading

Issue

Bumping dompurify past 2.0.17 due to GHSA-63q7-h895-m982. This is a minor fix since verdaccio is a dev dependency and does not make it into runtime code.

Issue number, if available, prefixed with "#"

Description

What does this implement/fix? Explain your changes.

Testing

How was this change tested?

Additional context

Add any other context about the PR here.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@alexforsyth alexforsyth changed the title fix(dev-dep): bump verdeccio - dompurify for sec review fix(dev-dep): bump verdaccio - dompurify for sec review Mar 8, 2021
@aws-sdk-js-automation
Copy link

AWS CodeBuild CI Report

  • CodeBuild project: sdk-staging-test
  • Commit ID: 3cd7178
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@alexforsyth alexforsyth merged commit e8d9c65 into aws:main Mar 8, 2021
This was referenced Mar 12, 2021
Closed
Merged
Closed
Merged
Closed
Closed
Merged
Merged
Merged
Closed
Closed
Closed
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 23, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AllanZhengYP AllanZhengYP AllanZhengYP approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@alexforsyth @aws-sdk-js-automation @AllanZhengYP