Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update some insecure dependencies #1841

Merged
merged 2 commits into from May 10, 2018
Merged

Update some insecure dependencies #1841

merged 2 commits into from May 10, 2018

Conversation

@ricardograca
Copy link
Member

@ricardograca ricardograca commented May 10, 2018

Introduction

Update mysql and lodash to their latest versions.

Motivation

There were some security issues recently with these two dependencies. More info:

- Required to fix a Prototype Pollution vulnerability in lodash prior to
version 4.17.5: https://nodesecurity.io/advisories/577
- Required to fix a Remote Memory Exposure vulnerability in mysql prior
to version 2.14.0: https://nodesecurity.io/advisories/602
@ricardograca ricardograca added this to To Do in Version 0.14.0 via automation May 10, 2018
@ricardograca ricardograca merged commit 10fd039 into master May 10, 2018
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
Version 0.14.0 automation moved this from To Do to Done May 10, 2018
@ricardograca ricardograca deleted the rg-update-depdencies branch May 10, 2018
@ricardograca ricardograca changed the title Update some insecure depdencies Update some insecure dependencies Nov 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Linked issues

Successfully merging this pull request may close these issues.

None yet

1 participant