-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decrease security vulnerabilities by upgrading cli dependency (#754 #748) #756
Conversation
@samuelms1 @sethkinast @jimmyhchan Will you please merge and npm publish this security patch? |
thanks @danactive. would you mind removing the package.json version change. this is done in the Grunt file on release. |
whoops i mean 2.7.2. hrmm grumble.... @sethkinast looks like there's a 2.7.4 tag ... so this would likely be 2.7.5 |
I don't plan to take this change. I'll do a full dep sweep as a single commit. |
(Which will likely be with 2.8.0 rollup as the last point release before 3.0) |
@sethkinast feel free to drop this into a todo list issue and I can pick it
up.
…On Tue, Dec 6, 2016 at 6:06 PM Seth Kinast ***@***.***> wrote:
(Which will likely be with 2.8.0 rollup as the last point release before
3.0)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#756 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAr2h5F5Yj6KjSgvP9Qr9qC9B5YX6cKyks5rFepZgaJpZM4LEhDr>
.
|
You bet, did that for you |
@sethkinast and @jimmyhchan Will you reconsider this PR? I really want this security warning to disappear, it's blocking my build due to an nsp build step |
reopening. I would like this as 2.7.5. @danactive the PR as it is won't work. If you want to continue with this get this change on the 2.7 branch and undo the package.json bump |
Also undo the changelog, that's generated automatically. Really this is just a version change, @jimmyhchan you can just make the change and run the release task without needing the overhead of a PR if you want |
@jimmyhchan I rewrote my commit history to remove to allow you and your tools to take over, thx |
Going to pull this in and cherry-pick it into the 2.7 branch and do a release from that |
2.7.5 is out now. |
@jimmyhchan Thanks, I'm unblocked now! |
Looks like the
cli
project didn't change their interface so no changes are needed with dustjs. This should resolve thensp
security alert and make dustjs secure.Please merge and publish to npm, thanks
-=Dan=-