Decrease security vulnerabilities by upgrading cli dependency (#754 #748) #756

Merged: 1 commit, Dec 8, 2016

@danactive danactive commented Dec 5, 2016

Looks like the cli project didn't change their interface so no changes are needed with dustjs. This should resolve the nsp security alert and make dustjs secure.

Please merge and publish to npm, thanks

-=Dan=-

@danactive

@samuelms1 @sethkinast @jimmyhchan Will you please merge and npm publish this security patch?

@jimmyhchan

Thanks @danactive.

Would you mind removing the package.json version change? This is done in the Grunt file on release.
Looks like we have a backlog of commits since 2.6.2, so this might have to be a minor.

@jimmyhchan

Whoops, I mean 2.7.2. Hrmm, grumble... @sethkinast looks like there's a 2.7.4 tag... so this would likely be 2.7.5

@sethkinast

I don't plan to take this change. I'll do a full dep sweep as a single commit.

@sethkinast sethkinast closed this Dec 6, 2016
@sethkinast

(Which will likely be with 2.8.0 rollup as the last point release before 3.0)

@jimmyhchan

jimmyhchan commented Dec 6, 2016 via email

@sethkinast

You bet, did that for you

@danactive

@sethkinast and @jimmyhchan Will you reconsider this PR? I really want this security warning to disappear; it's blocking my build due to an nsp build step.

@jimmyhchan

Reopening. I would like this as 2.7.5. @danactive the PR as it is won't work. If you want to continue with this, get this change on the 2.7 branch and undo the package.json bump.

@jimmyhchan jimmyhchan reopened this Dec 8, 2016
@sethkinast

Also undo the changelog; that's generated automatically. Really this is just a version change. @jimmyhchan you can just make the change and run the release task without needing the overhead of a PR if you want.

@danactive

@jimmyhchan I rewrote my commit history to remove to allow you and your tools to take over, thx

@jimmyhchan

Going to pull this in and cherry-pick it into the 2.7 branch and do a release from that

@jimmyhchan jimmyhchan merged commit e0e25f7 into linkedin:master Dec 8, 2016
@jimmyhchan

2.7.5 is out now.

@danactive

@jimmyhchan Thanks, I'm unblocked now!
