deps: Upgrade debug to 2.6.9 #9366

Closed
wants to merge 2 commits into from

PatOnTheBack
Contributor

Summary

This fixes a ReDoS vulnerability in debug 2.6.8

snyk-test and others added 2 commits July 13, 2019 18:42
…6421e16eeb9d

[Snyk] Fix for 1 vulnerable dependencies
@googlebot

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and have the pull request author add another comment and the bot will run again. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@PatOnTheBack PatOnTheBack changed the title Upgrade debug to 2.6.9 deps: Upgrade debug to 2.6.9 Jul 13, 2019
@brendankenny
Member

  • it looks like we'd need CLA information from @snyk-test, the author of the commit. We have one from snyk-bot...any way to switch to that user? Or to get a CLA for @snyk-test.
  • I'd call this more of a corner-case performance improvement than a DoS fix :)
  • Is this an automated service? It would be good to link to any info about who is running this, etc in the profile if so.
  • I'm also not sure we want to sign up for automated PRs.

@PatOnTheBack
Contributor Author

@brendankenny Yes, Snyk is an automated service from the GitHub marketplace. You can find out about it here: https://snyk.io/

@brendankenny
Member

> @brendankenny Yes, Snyk is an automated service from the GitHub marketplace. You can find out about it here: https://snyk.io/

yes, I was wondering if you were a bot, but apparently not :)

@paulirish
Member

thanks. i'll take care of this in #9398

@paulirish paulirish closed this Jul 17, 2019