Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update package.json #258

Merged
merged 1 commit into from
Jul 17, 2019
Merged

Update package.json #258

merged 1 commit into from
Jul 17, 2019

Conversation

deepan83
Copy link
Contributor

@deepan83 deepan83 commented Jul 16, 2019
edited
Loading

@rejas rejas merged commit a7249f1 into klei:master Jul 17, 2019
@joakimbeng
Copy link
Member

🎉 This PR is included in version 5.0.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

@PierreLejeune PierreLejeune mentioned this pull request Jul 17, 2019
Closed
@TheoMugnier
Copy link

TheoMugnier commented Jul 22, 2019
edited
Loading

🚫Pinning group array to 0.3.3 lead to the a high vulnerability ! 🚫
So this can't be considered a permanent fix (Fixed in 0.3.4 of group-array)

From npm audit security report :

  • High : Prototype Pollution
  • Package : set-value
  • Patched in : >=2.0.1 <3.0.0 || >=3.0.1
  • Dependency of : gulp-inject
  • Path : gulp-inject > group-array > union-value > set-value
  • More info : https://npmjs.com/advisories/1012

@TheoMugnier TheoMugnier mentioned this pull request Jul 22, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Broken inject function with tags(starttag, endtag)
4 participants
@deepan83 @joakimbeng @TheoMugnier @rejas