Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 (#3740)
* [CVE-2022-48285][1.x] Bump jszip from 3.7.1 to 3.10.1 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. This CVE requires to bump jszip to 3.8.0+. Signed-off-by: Anan Zhuang <[email protected]> * remove unecessary resolution remove yarn.lock entry, clean and bootstrap Signed-off-by: Josh Romero <[email protected]> --------- Signed-off-by: Anan Zhuang <[email protected]> Signed-off-by: Josh Romero <[email protected]> Co-authored-by: Josh Romero <[email protected]> Co-authored-by: Sean Neumann <[email protected]> (cherry picked from commit 364832d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
- Loading branch information