Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated the dependencies (and fixed the decompress vulnerability) #545

Merged
merged 1 commit into from
Apr 2, 2020

Conversation

not-matthias
Copy link
Contributor

@not-matthias not-matthias commented Apr 2, 2020

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • New Binding Issue #___
  • Code style update
  • Refactor
  • Build-related changes
  • Other, please describe: Dependency update

Does this PR introduce a breaking change? (check one)

  • Yes. Issue #___
  • No

The PR fulfills these requirements:

  • It's submitted to the dev branch and not the master branch
  • When resolving a specific issue, it's referenced in the PR's title (e.g. fix: #xxx[,#xxx], where "xxx" is the issue number)

If adding a new feature, the PR's description includes:

  • A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

Other information:

This fixes the vulnerability in https://github.com/kevva/decompress. (see here for the pull request).

@not-matthias not-matthias requested a review from a team April 2, 2020 21:19
@nothingismagick
Copy link
Member

It's just a yarn.lock - didn't the package.json need updating too

@not-matthias
Copy link
Contributor Author

Decompress is used by the imagemin-* dependencies and not directly in the project.

@nothingismagick nothingismagick merged commit 2fc2fc2 into dev Apr 2, 2020
@lucasfernog lucasfernog deleted the chore/update-deps branch July 4, 2020 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants