Skip to content
This repository has been archived by the owner. It is now read-only.

Upgrade diff to 4.0.1 #4852

merged 2 commits into from Sep 9, 2019

Upgrade diff to 4.0.1 #4852

merged 2 commits into from Sep 9, 2019


Copy link

@akshayas akshayas commented Sep 9, 2019

PR checklist

  • Addresses an existing issue: fixes #0000
  • New feature, bugfix, or enhancement
    • Includes tests
  • Documentation update

Overview of change:

Github/dependabot reported a high severity bug with jsdiff. The exact wording is

WS-2018-0590 More information
high severity
Vulnerable versions: < 3.5.0
Patched version: 3.5.0
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

This diff bumps up the version to the latest available jsdiff 4.0.1.

Is there anything you'd like reviewers to focus on?

No entry:


Copy link

palantirtech commented Sep 9, 2019

Thanks for your interest in palantir/tslint, @akshayas! Before we can accept your pull request, you need to sign our contributor license agreement - just visit and follow the instructions. Once you sign, I'll automatically update this pull request.

Copy link

adidahiya commented Sep 9, 2019

thanks @akshayas

@adidahiya adidahiya merged commit 7659cd9 into palantir:master Sep 9, 2019
14 checks passed
@akshayas akshayas deleted the asrivatsa_upgrade_diff branch Sep 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

3 participants