-
-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: bump version of minimatch due to security issue PRISMA-2022-0039 #15774
Conversation
|
Hi @opravil-jan!, thanks for the Pull Request The first commit message isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.
To Fix: You can fix this problem by running Read more about contributing to ESLint here |
1 similar comment
Hi @opravil-jan!, thanks for the Pull Request The first commit message isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.
To Fix: You can fix this problem by running Read more about contributing to ESLint here |
Hi @opravil-jan!, thanks for the Pull Request The first commit message isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.
To Fix: You can fix this problem by running Read more about contributing to ESLint here |
This is breaking some tests. Please take a look and address. Please note: the security issue is for running minimatch in a server, not on a command line. |
How can I debug windows tests on linux. I do not have windows system in my reach to run this failing tests on it. How do you run tests for windows on no windows pc? Thanks |
Hmm, I don’t have an answer for that, but we clearly can’t merge this if it breaks functionality on Windows. We can see if anyone else volunteers to look into it, but this will be a low priority for the team. |
Is the issue fixed in minimatch v3.1.2? If updating the dependency requirement to |
❌ Deploy Preview for docs-eslint failed.
|
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [eslint](https://eslint.org) ([source](https://github.com/eslint/eslint)) | devDependencies | minor | [`8.14.0` -> `8.15.0`](https://renovatebot.com/diffs/npm/eslint/8.14.0/8.15.0) | --- ### Release Notes <details> <summary>eslint/eslint</summary> ### [`v8.15.0`](https://github.com/eslint/eslint/releases/v8.15.0) [Compare Source](eslint/eslint@v8.14.0...v8.15.0) #### Features - [`ab37d3b`](eslint/eslint@ab37d3b) feat: add `enforceInClassFields` option to no-underscore-dangle ([#​15818](eslint/eslint#15818)) (Roberto Cestari) #### Bug Fixes - [`8bf9440`](eslint/eslint@8bf9440) fix: "use strict" should not trigger strict mode in ES3 ([#​15846](eslint/eslint#15846)) (Milos Djermanovic) #### Documentation - [`28116cc`](eslint/eslint@28116cc) docs: update AST node names link in no-restricted-syntax ([#​15843](eslint/eslint#15843)) (Milos Djermanovic) - [`272965f`](eslint/eslint@272965f) docs: fix h1 heading on formatters page ([#​15834](eslint/eslint#15834)) (Milos Djermanovic) - [`a798166`](eslint/eslint@a798166) docs: update example for running individual rule tests ([#​15833](eslint/eslint#15833)) (Milos Djermanovic) - [`57e732b`](eslint/eslint@57e732b) docs: mark `SourceCode#getJSDocComment` deprecated in working-with-rules ([#​15829](eslint/eslint#15829)) (Milos Djermanovic) - [`9a90abf`](eslint/eslint@9a90abf) docs: update docs directory in working-with-rules ([#​15830](eslint/eslint#15830)) (Milos Djermanovic) - [`810adda`](eslint/eslint@810adda) docs: add more examples for prefer-object-spread ([#​15831](eslint/eslint#15831)) (coderaiser) - [`06b1edb`](eslint/eslint@06b1edb) docs: clarify no-control-regex rule ([#​15808](eslint/eslint#15808)) (Milos Djermanovic) - [`9ecd42f`](eslint/eslint@9ecd42f) docs: Fixed typo in code comment ([#​15812](eslint/eslint#15812)) (Addison G) - [`de992b7`](eslint/eslint@de992b7) docs: remove links to 2fa document ([#​15804](eslint/eslint#15804)) (Milos Djermanovic) - [`5222659`](eslint/eslint@5222659) docs: fix 'Related Rules' heading in no-constant-binary-expression ([#​15799](eslint/eslint#15799)) (Milos Djermanovic) - [`e70ae81`](eslint/eslint@e70ae81) docs: Update README team and sponsors (ESLint Jenkins) #### Chores - [`1ba6a92`](eslint/eslint@1ba6a92) chore: upgrade [@​eslint/eslintrc](https://github.com/eslint/eslintrc)[@​1](https://github.com/1).2.3 ([#​15847](eslint/eslint#15847)) (Milos Djermanovic) - [`8167aa7`](eslint/eslint@8167aa7) chore: bump version of minimatch due to security issue PRISMA-2022-0039 ([#​15774](eslint/eslint#15774)) (Jan Opravil) - [`b8995a4`](eslint/eslint@b8995a4) chore: Implement docs site ([#​15815](eslint/eslint#15815)) (Nicholas C. Zakas) - [`6494e3e`](eslint/eslint@6494e3e) chore: update link in `codeql-analysis.yml` ([#​15817](eslint/eslint#15817)) (Milos Djermanovic) - [`36503ec`](eslint/eslint@36503ec) chore: enable no-constant-binary-expression in eslint-config-eslint ([#​15807](eslint/eslint#15807)) (唯然) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: cabr2-bot <cabr2.help@gmail.com> Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1343 Reviewed-by: Epsilon_02 <epsilon_02@noreply.codeberg.org> Co-authored-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org> Co-committed-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org>
…39 (eslint#15774) * fix: bump version of minimatch due to security issue PRISMA-2022-0039 * Update package.json Co-authored-by: Milos Djermanovic <milos.djermanovic@gmail.com>
…-2022-0039 (eslint#15774)" This reverts commit 4643f3a.
Prerequisites checklist
What is the purpose of this pull request? (put an "X" next to an item)
[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofix to a rule
[ ] Add a CLI option
[ ] Add something to the core
[x ] Other, please explain: fixing security issue by bump package version
What changes did you make? (Give an overview)
Is there anything you'd like reviewers to focus on?