Skip to content

Update rc to ^1.2.7 in package.json #379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghost wants to merge 1 commit into from
Closed

Update rc to ^1.2.7 in package.json #379

ghost wants to merge 1 commit into from

Conversation

@ghost
Copy link

@ghost ghost commented May 9, 2018

Upgrading rc to 1.2.7. This should fix #378

@caub caub mentioned this pull request May 10, 2018
Closed
6 tasks
@finnp finnp mentioned this pull request May 13, 2018
Closed
@zhuangya zhuangya mentioned this pull request May 14, 2018
Closed
@brettz9
Copy link

brettz9 commented May 28, 2018

Any ETA on this getting reviewed, merged, and released?

@merlinstardust
Copy link

merlinstardust commented May 30, 2018

There is now 1.2.8 for rc, so might as well update to that while this merge is waiting

@zhuangya
Copy link

zhuangya commented May 30, 2018

There is now 1.2.8 for rc, so might as well update to that while this merge is waiting

just change rc's version to 10.0.0

@gustawdaniel
Copy link

gustawdaniel commented Jun 9, 2018

I see that in v0.10.0 of this pacage version of rc is ^1.1.7. Taking into account this update of rc

dominictarr/rc@73f285b

to version 1.2.8 that updated version of deep-extend to 0.6.0 i propose to change version of

rc in this package to 1.2.8.

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ deep-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.5.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bcrypt                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bcrypt > node-pre-gyp > rc > deep-extend                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/612                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

@springmeyer springmeyer added this to the 0.10.2 milestone Jun 24, 2018
hyj1991 pushed a commit to X-Profiler/node-pre-gyp that referenced this pull request Jun 16, 2023
close mapbox#379
be0030f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.10.2

Development

Successfully merging this pull request may close these issues.

security vulnerability caused by [email protected]

5 participants

@brettz9 @merlinstardust @zhuangya @gustawdaniel @springmeyer