Bump 'async' from v2.4.2 to v3.2.2 to fix a prototype pollution exploit #802
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @fadi-quader-mox! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
fadi-quader-mox
changed the title
facebook-github-bot
added
the
CLA Signed
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
facebook-github-bot
added
the
Shared with Meta
robhogan
approved these changes
Apr 11, 2022
|
@robhogan has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
|
Thanks :) |
facebook-github-bot
pushed a commit
to facebook/react-native
that referenced
this pull request
Apr 11, 2022
…it (#802) Summary: ## Summary The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
amgleitman
pushed a commit
to amgleitman/react-native-macos
that referenced
this pull request
Apr 12, 2022
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
amgleitman
pushed a commit
to amgleitman/react-native-macos
that referenced
this pull request
Apr 12, 2022
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
Saadnajmi
pushed a commit
to Saadnajmi/react-native-macos
that referenced
this pull request
Jan 15, 2023
…it (microsoft#802) Summary: The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
## Summary
The PR is essentially to update async to version 3.2.2 to fix t a prototype pollution exploit found in versions <
3.2.2. The vulnerability was discovered by Snyk has discovered an exploit in and labelled as High Severity.