Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk reports - Prototype Pollution for 4.0.0 #112

Closed
yenanandu opened this issue Nov 19, 2020 · 3 comments
Closed

Snyk reports - Prototype Pollution for 4.0.0 #112

yenanandu opened this issue Nov 19, 2020 · 3 comments

Comments

@yenanandu
Copy link

Team - any plans to release a patch version for 4.0.0 to address below issue
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
@coreyfarrell coreyfarrell mentioned this issue Nov 20, 2020
Closed
@KTOmega
Copy link

KTOmega commented Nov 20, 2020
edited

It seems like #108 (the fix for the vulnerability) should be fairly compatible with the 4.0.0 release, despite the different JavaScript languages used in the patch. There's no current branch for v4 releases at the moment, so would the y18n team be willing to publish a new version from the v4 branch?

@aziemchawdhary-gs aziemchawdhary-gs mentioned this issue Nov 25, 2020
Closed
@bcoe bcoe closed this as completed Nov 30, 2020
@bcoe
Copy link
Member

bcoe commented Nov 30, 2020

@KTOmega @yenanandu I have back-ported the patch.

@stof
Copy link

stof commented Dec 11, 2020
edited

@bcoe given that gulp-cli still relies on the 3.x branch, would you consider backporting it to a 3.2.2 release as well ?

@Frozenfire92 Frozenfire92 mentioned this issue Feb 16, 2021
Merged
@CMaheshBL CMaheshBL mentioned this issue May 6, 2022
Open
@RobertMickleCx RobertMickleCx mentioned this issue Mar 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bcoe @stof @KTOmega @yenanandu