feat: security fix on vant package #262
Walkthrough: The pull request updates the

📜 Recent review details: Configuration used: CodeRabbit UI. 📒 Files selected for processing (1).

🔇 Additional comments (1): package.json (1)
The changes systematically address the security issue across all affected versions of vant (2.x, 3.x, 4.x), with proper version mappings and documentation.

Let's verify the release notes and ensure the versions are correctly mapped:

✅ Verification successful

Security fix version mappings verified - Correct and timely updates

The version mappings in package.json are accurate and align with the security fix releases:
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Description: Verify the vant release notes and version information

# Fetch the release notes to verify the security fix details
curl -s -L https://github.com/youzan/vant/releases/tag/v4.9.15

# Verify if these are the latest versions available
curl -s https://registry.npmjs.org/vant | jq -r '.versions | keys[]' | sort -V | tail -n 5
```

Length of output: 78005

Script:

```bash
#!/bin/bash
# Let's try a different approach to verify the versions and security fix

# First, let's check the latest versions from npm registry for each major version
echo "Latest versions from npm:"
curl -s "https://registry.npmjs.org/vant" | jq -r '.["dist-tags"]'

# Check if these versions were published recently
echo -e "\nRecent versions and their publish dates:"
curl -s "https://registry.npmjs.org/vant" | jq -r '.time | to_entries | .[] | select(.key | contains("4.9.") or contains("3.6.") or contains("2.13.")) | "\(.key) => \(.value)"'
```

Length of output: 1976
[skip ci]

## [1.107.0](v1.106.0...v1.107.0) (2024-12-19)

### Features

* security fix on vant package ([#262](#262)) ([0d48109](0d48109))
see https://github.com/youzan/vant/releases/tag/v4.9.15
Summary by CodeRabbit
vant package with new version mappings.