fix(deps): force minimist >=1.2.6 for CVE-2021-44906 #1944

Merged (1 commit) on Mar 23, 2022

petermetz (Contributor):

Ensures that yarn will only install 1.2.6 or newer versions for
minimist.

The proper fix would be to have the dependencies issue releases
which upgrade their own (transitive) dependencies of minimist
so that we don't have to explicitly force it here, but at the time
of this writing these upgrades in our direct dependencies are just
not available yet.

Fixes #1943

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz requested review from izuru0, jagpreetsinghsasan and takeutak and removed request for jonathan-m-hamilton March 23, 2022 04:55
petermetz added the labels dependencies (Pull requests that update a dependency file), P1 (Priority 1: Highest) and Security (Related to existing or potential security vulnerabilities) Mar 23, 2022
takeutak merged commit b96806a into hyperledger-cacti:main Mar 23, 2022
petermetz deleted the petermetz/issue1943 branch March 23, 2022 16:34
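
One way to confirm that a forced minimum like this took effect, as an added example that is not part of the pull request or the project's code: it scans Yarn v1 lockfile text for entries of a package that resolved below a minimum version. The function names and the sample lockfile are constructed for illustration.

```javascript
// Split "1.2.6-rc.1" into its numeric parts plus a prerelease flag.
function parseVersion(v) {
  const [core, pre] = v.split("-", 2);
  const nums = core.split(".").map((n) => parseInt(n, 10) || 0);
  return { nums, pre: pre !== undefined };
}

// Negative when a < b, zero when equal, positive when a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (x.nums[i] || 0) - (y.nums[i] || 0);
    if (d !== 0) return d;
  }
  return Number(y.pre) - Number(x.pre); // a prerelease sorts before its release
}

// Return every lockfile entry for `name` whose resolved version is below `minVersion`.
function findOutdated(lockText, name, minVersion) {
  const findings = [];
  let specs = null; // specs of the entry being read, when that entry is for `name`
  for (const line of lockText.split(/\r?\n/)) {
    if (line === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) {
      // Entry header, e.g. minimist@^1.2.0, "minimist@^1.2.5": (indexOf from 1 keeps scoped names whole)
      const all = line.replace(/:$/, "").split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const mine = all.filter((s) => s.slice(0, s.indexOf("@", 1)) === name);
      specs = mine.length ? mine : null;
      continue;
    }
    const m = specs && /^\s+version "?([^"\s]+)"?/.exec(line);
    if (m && compareVersions(m[1], minVersion) < 0) findings.push({ specs, version: m[1] });
    if (m) specs = null; // only the entry's own version line counts, not nested keys
  }
  return findings;
}

// Constructed sample lockfile (not taken from the project's repository).
const SAMPLE_LOCK = `# yarn lockfile v1
"@types/minimist@^1.2.0":
  version "1.2.2"
minimist@^1.2.0, "minimist@^1.2.5":
  version "1.2.5"
mkdirp@^0.5.1:
  version "0.5.6"
  dependencies:
    minimist "^1.2.6"
`;
console.log(findOutdated(SAMPLE_LOCK, "minimist", "1.2.6"));
```

Run against the real `yarn.lock` text in CI, a non-empty result means some dependency path still pins a version below the minimum.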