Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security: update dependencies mkdirp, yargs and yargs-parser #4204

Merged
merged 1 commit into from
Mar 18, 2020

Conversation

juergba
Copy link
Contributor

@juergba juergba commented Mar 18, 2020

Description of the Change

  • mkdirp: prototype pollution by minimist => update to mkdirp@0.5.3
  • yargs-parser: prototype pollution => update to yargs-parser@13.1.2
  • yargs: update to yargs@13.3.2

Applicable issues

related #4199

@coveralls
Copy link

Coverage Status

Coverage remained the same at 92.804% when pulling 69ea2b0 on juergba/security into 2f26478 on master.

@juergba juergba self-assigned this Mar 18, 2020
@juergba juergba added area: security involving vulnerabilities semver-patch implementation requires increase of "patch" version number; "bug fixes" labels Mar 18, 2020
@juergba juergba added this to the next milestone Mar 18, 2020
@juergba juergba merged commit dfaa654 into master Mar 18, 2020
@juergba juergba deleted the juergba/security branch March 18, 2020 08:00
@juergba juergba added the landed-on-v7.1.x cherry-picked from master label Mar 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: security involving vulnerabilities landed-on-v7.1.x cherry-picked from master semver-patch implementation requires increase of "patch" version number; "bug fixes"
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants