Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2020-7774 #2737

Merged
merged 1 commit into from Mar 25, 2021
Merged

Fix CVE-2020-7774 #2737

merged 1 commit into from Mar 25, 2021

Conversation

vecerek
Copy link

@vecerek vecerek commented Feb 19, 2021

@vecerek vecerek requested a review from a team as a code owner February 19, 2021 20:01
@darcyclarke darcyclarke added Release 6.x work is associated with a specific npm 6 release Needs Review semver:patch semver patch level for changes Security security related labels Feb 22, 2021
@vecerek
Copy link
Author

vecerek commented Mar 1, 2021

@darcyclarke tests in some environments are failing and I cannot reproduce them locally. Instead of the 6 failing tests I get:

3926 passing (5m)
  11 pending
  1 failing

The failing test being:

not ok should match pattern provided
    found: ''
    pattern: /Check if the file 'emacsclient' is present./
    at:
      line: 26
      column: 7
      file: test/tap/spawn-enoent-help.js
      type: global
    stack: |
      test/tap/spawn-enoent-help.js:26:7
      f (node_modules/once/once.js:25:25)
      ChildProcess.<anonymous> (test/common-tap.js:175:5)
    source: |
      t.similar(serr, /Check if the file 'emacsclient' is present./)

I believe I need help addressing the failing tests 🙁

@darcyclarke
Copy link
Contributor

darcyclarke commented Mar 12, 2021
edited

@vecerek apologize for the delayed response here; I went digging to try & figure out why this CVE isn't in GitHub/npm's Advisory DB - I'm hoping we can figure that out but will also cut a v6 release addressing this prod-dep patch as soon as I can.

@ruyadorno ruyadorno changed the base branch from v6 to release/v6.14.12 March 25, 2021 16:09
@ruyadorno ruyadorno merged commit e476540 into npm:release/v6.14.12 Mar 25, 2021
This was referenced Mar 25, 2021
Merged
Closed
@kasicka kasicka mentioned this pull request Apr 9, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Release 6.x work is associated with a specific npm 6 release Security security related semver:patch semver patch level for changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vecerek @darcyclarke @ruyadorno