Skip to content

Fix CVEs and update jsonpath-plus #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 24, 2024
Merged

Fix CVEs and update jsonpath-plus #249

merged 2 commits into from
Oct 24, 2024

Conversation

dongshunyao
Copy link
Contributor

Fix all CVE issues:

  • braces
  • get-func-name
  • micromatch
  • postcss
  • rollup
  • vite
  • jsonpath-plus ^7.2.0 -> ^10.1.0

test:coverage and test:functional have already run locally and passed.

@dongshunyao dongshunyao mentioned this pull request Oct 24, 2024
Closed
guyroyse
guyroyse requested changes Oct 24, 2024
View reviewed changes
Copy link
Contributor

@guyroyse guyroyse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this contribution! I'm up to my eyeballs and haven't had time to look at this.

Could you do me a solid and bump the version number to 0.4.7 in package.json and make a note of it in the CHANGELOG? Obviously, I can do that myself, but then I have to get someone to review a the PR as well. If you do it, then I'm the reviewer and it's faster.

Thanks again!

@dongshunyao
Copy link
Contributor Author

Thanks for this contribution! I'm up to my eyeballs and haven't had time to look at this.

Could you do me a solid and bump the version number to 0.4.7 in package.json and make a note of it in the CHANGELOG? Obviously, I can do that myself, but then I have to get someone to review a the PR as well. If you do it, then I'm the reviewer and it's faster.

Thanks again!

Thank you for your quick response! I have already completed the modification.

I corrected some typos in the CHANGELOG. I did not add the change logs of the previous two versions because these modifications are non-functional.

@dongshunyao dongshunyao requested a review from guyroyse October 24, 2024 17:52
guyroyse
guyroyse approved these changes Oct 24, 2024
View reviewed changes
Copy link
Contributor

@guyroyse guyroyse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. Thanks!

@guyroyse guyroyse merged commit 6f08d02 into redis:main Oct 24, 2024
2 checks passed
@dongshunyao dongshunyao deleted the fix-cve branch December 17, 2024 13:47
@dongshunyao dongshunyao restored the fix-cve branch December 17, 2024 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guyroyse guyroyse guyroyse approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dongshunyao @guyroyse