Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lodash and remove prototype vulnerabilities #2582

Merged
merged 1 commit into from Jan 22, 2019
Merged

Update lodash and remove prototype vulnerabilities #2582

merged 1 commit into from Jan 22, 2019

Conversation

cheesestringer
Copy link
Contributor

@nschonni
Copy link
Contributor

I don't believe this is needed #2574 (comment)

@cheesestringer
Copy link
Contributor Author

There is nothing to update to since these were separate packages. Since then it looks like it has gone back to a single package you import from.

https://www.npmjs.com/package/lodash.assign (2 years old)
https://www.npmjs.com/package/lodash.clonedeep (2 years old)
https://www.npmjs.com/package/lodash.mergewith (almost 2 years old)

@xzyfer
Copy link
Contributor

xzyfer commented Jan 21, 2019

Weird this didn't build in Travis

@nschonni
Copy link
Contributor

@xzyfer may be related to this https://developer.github.com/changes/2018-04-25-github-services-deprecation/
We still have the "old" integration setup, so you might need to add the "app" version instead. Might be the same for AppVeyor that also didn't trigger

@cheesestringer
Copy link
Contributor Author

A build ran 15 minutes ago for a pr that was closed 13 days ago but had lodash in the title.

https://travis-ci.org/sass/node-sass/builds/476774889

@nschonni
Copy link
Contributor

Yeah, that was me hitting restart, not realizing it was an old PR and not this one

@xzyfer
Copy link
Contributor

xzyfer commented Jan 21, 2019

We can't migrate just yet

The following repositories cannot be migrated to travis-ci.com at this time because they are currently active on our legacy platform travis-ci.org. This feature will be available shortly. Please read our docs on open source migration to learn more.

I think it was just a dodgy webhook. Please try to rebase on master to kick off a new one.

@cheesestringer
Copy link
Contributor Author

Nothing to rebase against so I amended the commit message.

@xzyfer
Copy link
Contributor

xzyfer commented Jan 21, 2019

Travis CI is now running but failing due to lodash dependencies. Please investigate.

@cheesestringer
Copy link
Contributor Author

All good now, needed a capital on cloneDeep and mergeWith import.

xzyfer
xzyfer approved these changes Jan 22, 2019
View reviewed changes
Copy link
Contributor

@xzyfer xzyfer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@xzyfer xzyfer merged commit 44366b3 into sass:master Jan 22, 2019
@cheesestringer cheesestringer deleted the feature/update-lodash branch January 22, 2019 07:36
@stof
Copy link

stof commented Feb 28, 2019

is there any ETA for a release including that change ?

@stof stof mentioned this pull request Feb 28, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xzyfer xzyfer xzyfer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cheesestringer @nschonni @xzyfer @stof