Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump js-yaml to fix Denial of Servic vulnerability #11550

Merged
merged 1 commit into from Mar 28, 2019
Merged

Bump js-yaml to fix Denial of Servic vulnerability #11550

merged 1 commit into from Mar 28, 2019

Conversation

vernondegoede
Copy link
Contributor

@vernondegoede vernondegoede commented Mar 25, 2019
edited

What is the purpose of this pull request? (put an "X" next to item)

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[X] Other, please explain:

What changes did you make? (Give an overview)

Is there anything you'd like reviewers to focus on?
Please check whether everything still works as expected after bumping the version.
This shouldn't be the case, as explained in the js-yaml CHANGELOG.

@jsf-clabot
Copy link

jsf-clabot commented Mar 25, 2019
edited

CLA assistant check
All committers have signed the CLA.

@eslint-deprecated eslint-deprecated bot added the triage An ESLint team member will look at this issue soon label Mar 25, 2019
@vernondegoede vernondegoede mentioned this pull request Mar 25, 2019
Merged
@platinumazure platinumazure added core Relates to ESLint's core APIs and features accepted There is consensus among the team that this change meets the criteria for inclusion upgrade This change is related to a dependency upgrade and removed triage An ESLint team member will look at this issue soon labels Mar 25, 2019
platinumazure
platinumazure approved these changes Mar 25, 2019
View reviewed changes
Copy link
Member

@platinumazure platinumazure left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Note to merger: The commit summary should start with "Upgrade: ".

@vernondegoede
Copy link
Contributor Author

What do the release cycles of ESLint look like? When can we expect the next release?

@platinumazure
Copy link
Member

platinumazure commented Mar 27, 2019
edited

Hi @vernondegoede.

Per our readme, we release every 2 weeks. You can use this link to track our release management issues: release This issue contains information about a scheduled ESLint release

@vernondegoede
Copy link
Contributor Author

Cool, thanks @platinumazure. I like how @eslintbot is used for automation of almost everything.

@not-an-aardvark not-an-aardvark merged commit afe3d25 into eslint:master Mar 28, 2019
@louistiti louistiti mentioned this pull request Apr 3, 2019
Closed
@snyk-bot snyk-bot mentioned this pull request Aug 15, 2019
Merged
@snyk-bot snyk-bot mentioned this pull request Aug 28, 2019
Closed
@eslint-deprecated eslint-deprecated bot locked and limited conversation to collaborators Sep 25, 2019
@eslint-deprecated eslint-deprecated bot added the archived due to age This issue has been archived; please open a new issue for any further discussion label Sep 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@platinumazure platinumazure platinumazure approved these changes

@gyandeeps gyandeeps gyandeeps approved these changes

@g-plane g-plane g-plane approved these changes

Assignees
No one assigned
Labels
accepted There is consensus among the team that this change meets the criteria for inclusion archived due to age This issue has been archived; please open a new issue for any further discussion core Relates to ESLint's core APIs and features upgrade This change is related to a dependency upgrade
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@vernondegoede @jsf-clabot @platinumazure @gyandeeps @g-plane @not-an-aardvark