New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update some insecure dependencies #1841

Merged
merged 2 commits into from May 10, 2018

Conversation

Projects
1 participant
@ricardograca
Copy link
Member

ricardograca commented May 10, 2018

Introduction

Update mysql and lodash to their latest versions.

Motivation

There were some security issues recently with these two dependencies. More info:

ricardograca added some commits May 10, 2018

Update lodash to the latest version
- Required to fix a Prototype Pollution vulnerability in lodash prior to
version 4.17.5: https://nodesecurity.io/advisories/577
Update mysql to the latest version
- Required to fix a Remote Memory Exposure vulnerability in mysql prior
to version 2.14.0: https://nodesecurity.io/advisories/602

@ricardograca ricardograca added this to To Do in Version 0.14.0 via automation May 10, 2018

@ricardograca ricardograca merged commit 10fd039 into master May 10, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

Version 0.14.0 automation moved this from To Do to Done May 10, 2018

@ricardograca ricardograca deleted the rg-update-depdencies branch May 10, 2018

@ricardograca ricardograca changed the title Update some insecure depdencies Update some insecure dependencies Nov 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment