Upgrade diff to 4.0.1 #4852

Merged
merged 2 commits into from Sep 9, 2019

@akshayas
Contributor

commented Sep 9, 2019

PR checklist

  • Addresses an existing issue: fixes #0000
  • New feature, bugfix, or enhancement
    • Includes tests
  • Documentation update

Overview of change:

GitHub/Dependabot reported a high severity bug with jsdiff. The exact wording is:

WS-2018-0590
high severity
Vulnerable versions: < 3.5.0
Patched version: 3.5.0
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

This diff bumps up the version to the latest available jsdiff 4.0.1.

Is there anything you'd like reviewers to focus on?

No

CHANGELOG.md entry:

N/A

@palantirtech

Member

commented Sep 9, 2019

Thanks for your interest in palantir/tslint, @akshayas! Before we can accept your pull request, you need to sign our contributor license agreement - just visit https://cla.palantir.com/ and follow the instructions. Once you sign, I'll automatically update this pull request.

@adidahiya

Member

commented Sep 9, 2019

thanks @akshayas

@adidahiya adidahiya merged commit 7659cd9 into palantir:master Sep 9, 2019
14 checks passed
ci/circleci: build Your tests passed on CircleCI!
ci/circleci: checkout-code Your tests passed on CircleCI!
ci/circleci: clean-lockfile Your tests passed on CircleCI!
ci/circleci: lint Your tests passed on CircleCI!
ci/circleci: test Your tests passed on CircleCI!
ci/circleci: test2.1 Your tests passed on CircleCI!
ci/circleci: test2.4 Your tests passed on CircleCI!
ci/circleci: test2.7 Your tests passed on CircleCI!
ci/circleci: test2.8 Your tests passed on CircleCI!
ci/circleci: test2.9 Your tests passed on CircleCI!
ci/circleci: test3.0 Your tests passed on CircleCI!
ci/circleci: testNext Your tests passed on CircleCI!
ci/circleci: testRc Your tests passed on CircleCI!
cla/palantir CLA signed on 2019-09-09 22:15 UTC+00:00
@akshayas akshayas deleted the akshayas:asrivatsa_upgrade_diff branch Sep 10, 2019
@adidahiya adidahiya referenced this pull request Sep 10, 2019