Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade browserslist to 4.16.6 #24692

Merged
merged 20 commits into from
May 16, 2021
Merged

Upgrade browserslist to 4.16.6 #24692

merged 20 commits into from
May 16, 2021

Conversation

kachkaev
Copy link
Contributor

@kachkaev kachkaev commented May 1, 2021

Bug

@ijjk ijjk added the type: next label May 1, 2021
@kachkaev kachkaev changed the title Upgrade browserslist browserslist to 4.16.6 (fix CVE-2021-23364) Fix CVE-2021-23364 by upgrading browserslist to 4.16.6 May 1, 2021
@ijjk

This comment has been minimized.

Sign in to view
kachkaev
kachkaev commented May 1, 2021
View reviewed changes
package.json Show resolved Hide resolved
kachkaev
kachkaev commented May 1, 2021
View reviewed changes
packages/next/package.json Outdated Show resolved Hide resolved
@ijjk

This comment has been minimized.

Sign in to view
@ijjk

This comment has been minimized.

Sign in to view
@ijjk

This comment has been minimized.

Sign in to view
@ijjk

This comment has been minimized.

Sign in to view
@ijjk

This comment has been minimized.

Sign in to view
@vwatel
Copy link

vwatel commented May 3, 2021

Thank you @kachkaev for working on this. We also got this raised in Veracode tool Software Composition Analysis report 👍

@ijjk

This comment has been minimized.

Sign in to view
@kachkaev
Copy link
Contributor Author

kachkaev commented May 7, 2021

Hey folks! Do I need to change anything in this PR? The CI is failing, but that seems to be a common case, even for the just-merged PRs. Happy to make further enhancements this weekend!

@vwatel
Copy link

vwatel commented May 9, 2021

Hey folks! Do I need to change anything in this PR? The CI is failing, but that seems to be a common case, even for the just-merged PRs. Happy to make further enhancements this weekend!

Thank you @kachkaev following up on this, I hope you'll be able to get this merged 👍

@timneutkens timneutkens changed the title Fix CVE-2021-23364 by upgrading browserslist to 4.16.6 Upgrade browserslist to 4.16.6 May 10, 2021
timneutkens
timneutkens previously approved these changes May 10, 2021
View reviewed changes
Copy link
Member

@timneutkens timneutkens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to land now, thanks 👍

This was referenced May 19, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Merged
Open
Open
Open
Open
flybayer pushed a commit to blitz-js/next.js that referenced this pull request Jun 1, 2021
@kachkaev
Upgrade browserslist to 4.16.6 (vercel#24692)
0e53589 
## Bug

- [x] Related issue: [CVE-2021-23364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364)
- ~Integration tests added~ (N/A)
@vercel vercel locked as resolved and limited conversation to collaborators Jan 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@merceyz merceyz merceyz left review comments

@timneutkens timneutkens timneutkens approved these changes

@ijjk ijjk ijjk left review comments

@divmain divmain Awaiting requested review from divmain

@lfades lfades Awaiting requested review from lfades

@shuding shuding Awaiting requested review from shuding

Assignees
No one assigned
Labels
type: next
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kachkaev @ijjk @vwatel @timneutkens @merceyz