fix: Lodash security vulnerability #208

Merged
merged 3 commits into from
Aug 7, 2019

Xotic750
Contributor

@coveralls

coveralls commented Jul 25, 2019

Pull Request Test Coverage Report for Build 433

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 100.0%

Totals Coverage Status
Change from base Build 426: 0.0%
Covered Lines: 1904
Relevant Lines: 1904

💛 - Coveralls

@coveralls

Pull Request Test Coverage Report for Build 431

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 100.0%

Totals Coverage Status
Change from base Build 426: 0.0%
Covered Lines: 1904
Relevant Lines: 1904

💛 - Coveralls

@Xotic750
Contributor Author

Strange that the testing fails on node 6

@andreineculau

Do you need all the noise about babel changes in your PR, just to bump the lodash dependency?

@Xotic750
Contributor Author

Xotic750 commented Aug 6, 2019

Then it fails the test, hence the "noise". That's why the bump first, then fail, then fix babel "noise" and pass, as per the history of the PR.

@idok idok merged commit 11b7d91 into wix-incubator:master Aug 7, 2019
kevinzang pushed a commit to udemy-archive/js-tooling that referenced this pull request Aug 12, 2019
1) we’re using lodash, not underscore, in website-django
2) the lodash plugin has fixed lodash security issue: wix-incubator/eslint-plugin-lodash#208
kevinzang pushed a commit to udemy-archive/js-tooling that referenced this pull request Aug 13, 2019
* Upgrade lerna to resolve security issues

WS-2018-0236: Upgrade mem to version 4.0.0 or later.
CVE-2019-10744: Upgrade lodash.template to version 4.5.0 or later.
WS-2019-0064: Upgrade handlebars to version 4.0.14 or later.

* Dedup lodash,js-yaml to resolve security issues

CVE-2019-10744: Upgrade lodash to version 4.17.13 or later.
WS-2019-0032, WS-2019-0063: Upgrade js-yaml to version 3.13.1 or later.

* Ignore .DS_Store files

* Replace underscore plugin with lodash plugin

1) we’re using lodash, not underscore, in website-django
2) the lodash plugin has fixed lodash security issue: wix-incubator/eslint-plugin-lodash#208

* lerna v3 doesn’t need “lerna” key in lerna.json

* Publish

 - babel-polyfill-udemy-website@9.0.11
 - babel-preset-udemy-website@11.0.8
 - eslint-config-tester@3.0.1
 - eslint-config-udemy-babel-addons@6.0.1
 - eslint-config-udemy-basics@8.0.5
 - eslint-config-udemy-jasmine-addons@8.0.2
 - eslint-config-udemy-react-addons@10.0.3
 - eslint-config-udemy-website@12.0.10
 - eslint-plugin-udemy@9.0.3
 - prettier-config-udemy@1.0.1