Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lru-memoizer to 2.0.1 #106

Merged
merged 1 commit into from
Aug 26, 2019
Merged

Update lru-memoizer to 2.0.1 #106

merged 1 commit into from
Aug 26, 2019

Conversation

sobil
Copy link
Contributor

@sobil sobil commented Aug 26, 2019
edited
Loading

Description

lru-memorizer had unused dependency on lodash being detected by snyk.io

This was removed here jfromaniello/lru-memoizer@c2cf36d

References

Raised in Github issue [#86]

Testing

Existing test coverage runs successfully
No change to exisiting test coverage required.

  • [-] This change adds test coverage for new/changed/fixed functionality

Checklist

  • [x] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [x] All active GitHub checks for tests, formatting, and security are passing
  • [?] The correct base branch is being used, if not master

@sobil
Update lru-memoizer to 2.0.1
4405927 
Snyk.io detects vulnerabiliity in unused component of `lodash` via `lru-memorizer`.

`lru-memorizer` updated to remove vulnerable component.

Refer to GitHub issue [#86]
@sobil sobil requested a review from a team August 26, 2019 10:38
@damieng
Copy link
Contributor

damieng commented Aug 26, 2019

Checked with @jfromaniello that this is a safe merge. Internals changed, interface did not.

@damieng damieng merged commit b0bce42 into auth0:master Aug 26, 2019
@sobil sobil mentioned this pull request Aug 27, 2019
Closed
@lbalmaceda lbalmaceda modified the milestones: v1-Next, v1.6.1 Jan 13, 2020
@snyk-bot snyk-bot mentioned this pull request Mar 19, 2020
Merged
@snyk-bot snyk-bot mentioned this pull request Apr 7, 2020
Open
@snyk-bot snyk-bot mentioned this pull request May 1, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@damieng damieng damieng approved these changes

Assignees
No one assigned
Labels
CH: Security
Projects
None yet
Milestone
v1.6.1
Development

Successfully merging this pull request may close these issues.
3 participants
@sobil @damieng @lbalmaceda