Fix vulnerabilities: v2 #458
There's your stuff from the add branch. Also, we should point it to master.
@ematipico Alright. Changed to point
Shouldn't we point it to next, Emanuel? :) Why change the way we are developing all of a sudden when we agreed to a develop branch?
@ev1stensberg If we follow gitflow, usually hotfixes point straight to master as they are urgent and they don't involve any development features. After that a patch should be released in order to provide the hotfixes ASAP. That's what I usually follow. What do you think? We can point it to
You'll need to review each package as well 👍
@dhruvdutt Thanks for your update. I labeled the Pull Request so reviewers will review it again. @ematipico Please review the new changes.
@ev1stensberg I've changed the base branch to I think @ematipico is right and I'll fix the
"semantic-release": "^15.5.0", | ||
"travis-deploy-once": "^5.0.0", | ||
"webpack": "^4.8.3", | ||
"webpack-dev-server": "^3.1.4" |
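Review bot: all four entries visible here (`semantic-release`, `travis-deploy-once`, `webpack`, `webpack-dev-server`) are caret ranges, so the version that actually gets installed, and whether it carries the audited fix, is decided by the lockfile and not by these lines. Suggest confirming the lockfile is updated in the same change and re-running the package audit against the resolved tree before merging.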
The diff looks messy here because of wrong ordering in the previous version of the code. 😁
This would have to be done for the next branch anyways, so why not just kill the problem at its core instead of having to do it all over again next time? The new version is soon out anyways, and the audits had low severity last time I checked.
@ev1stensberg It's up to you then. Fix the audits on the webpack v3 branch (check every package so) and wait for the new release (who knows when) or do a hotfix to provide the community with the security fixes. We should always provide security fixes to the consumers of software.
Let's go for the next branch.
Keeping this PR on For
🎉 This PR is included in version 2.1.4 🎉 The release is available on: Your semantic-release bot 📦🚀
What kind of change does this PR introduce?
Fix vulnerabilities
Did you add tests for your changes?
If relevant, did you update the documentation?
Summary
Does this PR introduce a breaking change?
Other information
Fixes #457