Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates acorn to v7.1.1 #4881

Closed
wants to merge 1 commit into from
Closed

Updates acorn to v7.1.1 #4881

wants to merge 1 commit into from

Conversation

ryanml
Copy link
Contributor

@ryanml ryanml commented Mar 8, 2020

Fixes: brave/brave-browser#8588

Submitter Checklist:

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@ryanml ryanml added the dependencies Pull requests that update a dependency file label Mar 8, 2020
@ryanml ryanml added this to the 1.7.x - Nightly milestone Mar 8, 2020
@ryanml ryanml requested review from mihaiplesa and bsclifton March 8, 2020 22:18
@ryanml ryanml self-assigned this Mar 8, 2020
@fmarier
Copy link
Member

fmarier commented Mar 9, 2020

Is the change of registries (npmjs.org v. yarnpkg.com) intended?

@bsclifton
Copy link
Member

bsclifton commented Mar 9, 2020

whoops- guessing not. Good catch, @fmarier 😄

I already accepted / merged a brave-browser update using yarn. Does the choice of registry matter to us, @mihaiplesa?
https://github.com/brave/brave-browser/pull/8589/files

Copy link
Member

@bsclifton bsclifton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

@mihaiplesa
Copy link
Collaborator

@bsclifton I'd keep them consistent but made a note to review which ones we use and if we're being inconsistent

@bsclifton
Copy link
Member

@mihaiplesa consistent sounds good! @ryanml updated to use npmjs

@bsclifton bsclifton closed this Mar 9, 2020
@bsclifton
Copy link
Member

will revisit soon

@bsclifton bsclifton deleted the fix-acorn branch March 9, 2020 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Moderate vulnerability with the Acorn package (Regex DoS)
4 participants