Skip to content
This repository has been archived by the owner on Jan 13, 2023. It is now read-only.

Bump npm-run-all version for security #137

Merged
merged 1 commit into from
Dec 27, 2018
Merged

Conversation

bryanstearns
Copy link
Member

npm-run-all 4.1.3 depends indirectly on flatmap-stream, which has been yanked
from npm because it contained malicious code:

https://www.npmjs.com/advisories/737
mysticatea/npm-run-all#149

npm-run-all 4.1.3 depends indirectly on flatmap-stream, which has been yanked
from npm because it contained malicious code:

https://www.npmjs.com/advisories/737
mysticatea/npm-run-all#149
@jamonholmgren jamonholmgren merged commit 54e4707 into master Dec 27, 2018
@jamonholmgren jamonholmgren deleted the bump-npm-run-all branch December 27, 2018 21:07
@jamonholmgren
Copy link
Member

Thank you @bryanstearns !

infinitered-circleci pushed a commit that referenced this pull request Dec 27, 2018
## [2.0.1](v2.0.0...v2.0.1) (2018-12-27)

### Bug Fixes

* **deps:** Bumped RN to 0.57.8 ([#134](#134)) ([80ba5d3](80ba5d3))
* **security:** Bump npm-run-all version for security ([#137](#137)) ([54e4707](54e4707))
* **types:** [[@types](https://github.com/types)/validate.js] Remove deprecated library ([#136](#136)) ([ce3f7c0](ce3f7c0))
@infinitered-circleci
Copy link

🎉 This PR is included in version 2.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants