Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update meta-marked to fix possible vulnerabilities #42

Merged
merged 2 commits into from Apr 12, 2019
Merged

Update meta-marked to fix possible vulnerabilities #42

merged 2 commits into from Apr 12, 2019

Conversation

SISheogorath
Copy link
Contributor

@SISheogorath SISheogorath commented Apr 10, 2019
edited

Snyk informed us about possible vulnerabilities in meta-marked. It seems
like at least some of them were already address by HackMD around a year
ago but never pushed upstream to CodiMD.

This patch provides a fix by using an up-to-date dependency from our own
repository with CI integration.

Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129

@SISheogorath
Update meta-marked to fix possible vulnerabilities
e014a73 
Snyk informed us about possible vulnerabilities in meta-marked. It seems
like at least some of them were already address by HackMD around a year
ago but never pushed upstream to CodiMD.

This patch provides a fix by using an up-to-date dependency from our own
repository with CI integration.

Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath SISheogorath added the type: bug Something isn't working label Apr 10, 2019
@SISheogorath SISheogorath added this to the Release 1.4.0 milestone Apr 10, 2019
@SISheogorath
Update yarn to version 1.15.2
32f6037 
The yarn version we use in CI is quite outdated. This brings up the
problem that it doesn't support semver for git repositories. In order to
fix that problem updating yarn seems to be the right thing to do.

This patch should fix the CI problem caused by the semver git URL.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
@SISheogorath SISheogorath merged commit 2b99ed6 into hedgedoc:master Apr 12, 2019
@SISheogorath SISheogorath deleted the fix/meta-marked branch April 12, 2019 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccoenen ccoenen Awaiting requested review from ccoenen

Assignees
No one assigned
Labels
type: bug Something isn't working
Projects
None yet
Milestone
Release 1.4.0
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@SISheogorath