update npm-run-all to avoid potential exploit #1406

Merged
merged 1 commit into from
Jan 9, 2019

Feiyang1 (Member) commented Nov 29, 2018

An npm package we transitively depend on was hacked and was injected with malicious code. Our repo is not affected thanks to the fixed version and the lock file. As a precaution, I'm upgrading the library which removed the dependency on the hacked library.
More detail: #1400
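
An added example, not part of this pull request or the project's code: one way to check what a `package-lock.json` actually pins for a named package and which entries pull it in, which is the kind of check behind the statement that the lock file kept the repo unaffected. It assumes the lockfileVersion 1 layout; the sample lock data, package names, versions and the known-bad version are constructed placeholders.

```javascript
// Constructed lockfileVersion 1 sample; every name and version is a placeholder.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'runner-pkg': { version: '4.1.3', requires: { 'middle-pkg': '^1.1.0' } },
    'middle-pkg': { version: '1.1.0', requires: { 'bad-pkg': '~3.3.0' } },
    'bad-pkg': { version: '3.3.4' },
    'other-pkg': {
      version: '2.0.0',
      requires: { 'bad-pkg': '^3.3.0' },
      // A nested copy can be pinned to a different version than the top-level one.
      dependencies: { 'bad-pkg': { version: '3.3.6' } }
    }
  }
};

// Walk every (possibly nested) lock entry and collect the pinned versions of
// `name`, plus the packages whose `requires` map pulls it in.
function auditLock(lock, name) {
  const pinned = [];
  const requiredBy = [];
  (function walk(deps, path) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = path.concat(dep);
      if (dep === name) {
        pinned.push({ path: here.join(' > '), version: info.version });
      }
      if (info.requires && name in info.requires) {
        requiredBy.push({ pkg: here.join(' > '), range: info.requires[name] });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return { pinned, requiredBy };
}

// Return the pinned copies whose exact version is on a known-bad list.
function affected(lock, name, badVersions) {
  return auditLock(lock, name).pinned.filter(p => badVersions.includes(p.version));
}

console.log(auditLock(sampleLock, 'bad-pkg'));
console.log(affected(sampleLock, 'bad-pkg', ['3.3.6']));
```

The semver ranges in `requires` show what a fresh install without the lock file could resolve to, while `pinned` shows what an install from the lock file will actually fetch.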

// efficiency is less important than responsiveness.
'grpc.initial_reconnect_backoff_ms': 100,
'grpc.max_reconnect_backoff_ms': 100
}
Contributor

Where is this change coming from?

Member Author

I think I know what's going on. I rebased the master yesterday after the release and the PRs are submitted before the rebase. Rebasing the PR should solve the problem.

Member Author

It is removed from the PR.

Feiyang1 (Member Author) commented Jan 7, 2019

@davideast ping

Feiyang1 merged commit 78b9978 into master Jan 9, 2019
Feiyang1 deleted the fei-deps branch January 9, 2019 18:27
firebase locked and limited conversation to collaborators Oct 14, 2019