Upgrade: bump inquirer to ^7.0.0 #12440

Merged
merged 1 commit into from Oct 17, 2019

@josgraha (Contributor) commented Oct 15, 2019

What is the purpose of this pull request? (put an "X" next to item)
Bump inquirer package to ^7.0.0 because 6.x depends on lodash@4.17.12, which has a Snyk Issue

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[x] Other, please explain:
Bump inquirer package to ^7.0.0 because 6.x depends on lodash@4.17.12, which has a Snyk Issue

What changes did you make? (Give an overview)

Is there anything you'd like reviewers to focus on?

@jsf-clabot commented Oct 15, 2019

CLA assistant check
All committers have signed the CLA.

@eslint-deprecated eslint-deprecated bot added the triage label Oct 15, 2019
@platinumazure platinumazure added cli upgrade and removed triage labels Oct 15, 2019
@platinumazure (Member) commented Oct 15, 2019

Hi @josgraha, thanks for the PR!

I want to test this locally tonight, then I'll approve the changes. I'll leave this open in case others want to review.

@platinumazure (Member) commented Oct 15, 2019

Note to merger: Commit message needs to start with "Upgrade:"

@platinumazure (Member) left a comment

Looks good to me, thanks for contributing!

@josgraha josgraha force-pushed the josgraha:security/inquirer branch from 1b25f77 to cc9d7e4 Oct 17, 2019
@josgraha (Contributor, Author) commented Oct 17, 2019

I'm sorry, folks, but I misread the Snyk Issue, which only applies to lodash prior to 4.17.12. I don't think this is required unless we just want to upgrade to the latest lodash in transitive dependencies.
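
The correction in the comment above (the advisory covers only lodash prior to 4.17.12) can be checked against a lockfile before opening a security upgrade. This is an added example, not part of this pull request or of ESLint's code: it walks a constructed npm lockfileVersion 1 tree and marks every installed lodash copy as below or not below the fixed version. The lockfile contents, the package `legacy-tool`, and all function names are assumptions.

```javascript
// Constructed lockfileVersion 1 fragment. Only "lodash 4.17.12 under inquirer 6.x"
// reflects the PR text; every other package and version here is illustrative.
const sampleLock = {
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    inquirer: {
      version: "6.5.0",
      requires: { lodash: "^4.17.12" },
      dependencies: { lodash: { version: "4.17.12" } },
    },
    "legacy-tool": {
      version: "1.0.0",
      dependencies: { lodash: { version: "4.17.11" } },
    },
    lodash: { version: "4.17.15" },
  },
};

// Parse "MAJOR.MINOR.PATCH"; pre-release and build suffixes are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True only when `version` is strictly lower than the first fixed release.
function isBelow(version, fixedIn) {
  const a = parseVersion(version);
  const b = parseVersion(fixedIn);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false; // equal: the boundary version itself is not in range
}

// Collect every installed copy of `name`, top-level and nested, with its path.
function findInstalled(node, name, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) hits.push({ path: path.join(" > "), version: info.version });
    hits.push(...findInstalled(info, name, path));
  }
  return hits;
}

function audit(lock, name, fixedIn) {
  return findInstalled(lock, name).map((h) => ({ ...h, affected: isBelow(h.version, fixedIn) }));
}

console.table(audit(sampleLock, "lodash", "4.17.12"));
```

The copy resolved under inquirer sits exactly on the boundary and is reported as not affected, while the older nested copy under the hypothetical `legacy-tool` is the one that would justify a security-labelled upgrade.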

@josgraha josgraha force-pushed the josgraha:security/inquirer branch from cc9d7e4 to 643d6be Oct 17, 2019
@platinumazure (Member) commented Oct 17, 2019

Hi @josgraha, thanks for following up.

I think we can accept this upgrade anyway as it's pretty low risk, and dependency upgrades are something we sometimes struggle with here. So, I appreciate this contribution nonetheless. Thanks!

@g-plane g-plane changed the title from "[Security] bump inquirer to ^7.0.0" to "Upgrade: bump inquirer to ^7.0.0" Oct 17, 2019
@platinumazure platinumazure merged commit 561093f into eslint:master Oct 17, 2019
16 checks passed
Verify Files
Test (ubuntu-latest, 8.x)
Test (ubuntu-latest, 10.x)
Test (ubuntu-latest, 12.x)
Test (windows-latest, 12.x)
Test (macOS-latest, 12.x)
Browser Test
commit-message Commit message follows guidelines
continuous-integration Build #20191017.2 succeeded
continuous-integration (Test on Node.js 10 (Linux)) Test on Node.js 10 (Linux) succeeded
continuous-integration (Test on Node.js 12 (Linux)) Test on Node.js 12 (Linux) succeeded
continuous-integration (Test on Node.js 12 (Windows)) Test on Node.js 12 (Windows) succeeded
continuous-integration (Test on Node.js 12 (macOS)) Test on Node.js 12 (macOS) succeeded
continuous-integration (Test on Node.js 8 (Linux)) Test on Node.js 8 (Linux) succeeded
licence/cla Contributor License Agreement is signed.
release-monitor No patch release is pending
@josgraha josgraha deleted the josgraha:security/inquirer branch Oct 17, 2019