Skip to content
This repository has been archived by the owner on May 30, 2024. It is now read-only.

Update: bump eventsource package for security fix #217

Closed
wants to merge 1 commit into from
Closed

Update: bump eventsource package for security fix #217

wants to merge 1 commit into from

Conversation

m-schrepel
Copy link

@m-schrepel m-schrepel commented May 11, 2021
edited
Loading

Requirements

  • I have added test coverage for new or changed functionality
  • I have followed the repository's pull request submission guidelines
  • I have validated my changes against all supported platform versions

Related issues

launchdarkly/js-eventsource#11
#209

Describe the solution you've provided

The newly published launchdarkly-eventsource package bumps the version of original to 1.0.1 where the url-parse issue is fixed. This would take in 1.4.1 of eventsource instead of 1.4.0 which will resolve the url-parse issue at a top-level

Additional context

GHSA-9m6j-fcg5-2442

@eli-darkly
Copy link
Contributor

Currently package-lock.json is in source control— which probably doesn't make sense for a library project, so I think we will probably remove it at some point, but since it's in there now it does need to be committed for any dependency change. But we were going to do that anyway as a follow-up to the eventsource release, so you don't need to submit a PR. Sorry we were just moving slowly.

@eli-darkly eli-darkly closed this May 11, 2021
LaunchDarklyReleaseBot pushed a commit that referenced this pull request Jul 22, 2021
@eli-darkly
Merge pull request #217 from launchdarkly/eb/ch108418/fix-caching-sto…
ed7ddf3 
…re-wrapper-intf

fix TS export of CachingStoreWrapper
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@m-schrepel @eli-darkly