Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade git-url-parse to 13.1.0 #1565

Merged
merged 1 commit into from Oct 24, 2022
Merged

chore: upgrade git-url-parse to 13.1.0 #1565

merged 1 commit into from Oct 24, 2022

Conversation

lance
Copy link
Contributor

@lance lance commented Oct 14, 2022

Fixes: #1558

Signed-off-by: Lance Ball lball@redhat.com

@lance
chore: upgrade git-url-parse to 13.1.0
39bec2c 
Fixes: documentationjs#1558

Signed-off-by: Lance Ball <lball@redhat.com>
@paoliniluis
Copy link

Hi, will you backport this dep upgrade to v13?

@lance
Copy link
Contributor Author

lance commented Oct 22, 2022

Hi, will you backport this dep upgrade to v13?

@paoliniluis sure but I don't see a v13 branch on this repo or instructions on how you handle backports. Can you give me some pointers? Thanks.

@paoliniluis
Copy link

sorry, I thought there was. I'm afraid that this needs to be handled by one of the core maintainers if they want to backport this

@paoliniluis
Copy link

@birkskyum

birkskyum
birkskyum approved these changes Oct 24, 2022
View reviewed changes
Copy link
Contributor

@birkskyum birkskyum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this.

I won't have the time to backport this - there were a ton of dependency updates for version 14, including node 18 compatibility (LTS from tomorrow), so if it in any way is possible to upgrade to documentation.js v14 that would be my recommendation, or maybe i can help with migration issues.

@birkskyum birkskyum merged commit 97e9361 into documentationjs:master Oct 24, 2022
@paoliniluis
Copy link

Thanks! Do you have any idea when there will be a new release with the dependency bump that was just merged?

@lance
Copy link
Contributor Author

lance commented Oct 24, 2022

if it in any way is possible to upgrade to documentation.js v14 that would be my recommendation

We are already using v14 - I noticed the security warnings on that version. No need to help with anything other than releasing a new version of documentation that includes this commit.

@lance
Copy link
Contributor Author

lance commented Oct 24, 2022

if it in any way is possible to upgrade to documentation.js v14 that would be my recommendation

We are already using v14 - I noticed the security warnings on that version. No need to help with anything other than releasing a new version of documentation that includes this commit.

Sorry @birkskyum - just realized your comment was directed at @paoliniluis ...

@rotu
Copy link

rotu commented Dec 1, 2022

Can this please be released?

@marques-work
Copy link

marques-work commented Dec 14, 2022
edited

@birkskyum is there anything holding back a 14.0.1 release that includes just this one fix? It would fix the npm audit reported CVEs for any projects that depend on this package.

AFAICT, this is the only commit since the 14.0.0 tag.

@birkskyum
Copy link
Contributor

birkskyum commented Dec 14, 2022
edited

@marques-work , @rotu, @paoliniluis it's released now.

@marques-work
Copy link

Thanks so much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@birkskyum birkskyum birkskyum approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Request: Vulnerabilities in documentation module
5 participants
@lance @paoliniluis @rotu @marques-work @birkskyum