chore: update standard-version dep #1555

Merged
merged 1 commit into from
May 8, 2019

Contributor

@straker straker commented May 8, 2019

Our npm run retire script is failing CircleCI because Handlebars 4.0.0 has a high severity issue.

handlebars 4.1.0 has known vulnerabilities: severity: high; summary: A prototype pollution 
vulnerability in handlebars may lead to remote code execution if an attacker can control 
the template; 
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183 
https://github.com/wycats/handlebars.js/issues/1495 
https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e

standard-version brings in Handlebars and the latest version fixes the issue.

Reviewer checks

Required fields, to be filled out by PR reviewer(s)

  • Follows the commit message policy, appropriate for next version
  • Has documentation updated, a DU ticket, or requires no documentation change
  • Includes new tests, or was unnecessary
  • Code is reviewed for security by: Jason

Member

@scurker scurker left a comment

👍

@straker straker merged commit 727323c into develop May 8, 2019
@straker straker deleted the upgradeStandardVersion branch May 8, 2019 16:52
stephenmathieson added a commit to mohanraj-r/axe-core that referenced this pull request May 10, 2019
* develop:
  feat(reporter): adds the rawEnv reporter which wraps raw and env data (dequelabs#1556)
  chore(i18n): Update Japanese locale (dequelabs#1549)
  fix(utils): make cache global instead of only setup in axe.run (dequelabs#1535)
  fix(aria-required-attr): don't require aria-valuemin/max (dequelabs#1529)
  docs: fixed small errors (dequelabs#1545)
  fix: check if property exists in cache of flattenedTree (dequelabs#1536)
  chore: update standard-version dep (dequelabs#1555)