DataTables / DataTablesSrc

DataTables source repository
https://datatables.net
MIT License

Upgrade to datatables.net@1.11.3 in distribution repos #195

Open jonathanloos opened 2 years ago

jonathanloos commented 2 years ago

`yarn audit` is returning an XSS vulnerability (https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544) for datatables.net < 1.11.3. I'd like to propose an update to the distribution repositories to:

  1. datatables.net-bs4 to point to datatables.net@1.11.3.
  2. All other distribution repos to point to the updated version of datatables.net-bs4.

If accepted this will be my first contribution to an open source project so please bear with me. If I missed anything here please let me know!

Best, Jon

AllanJard commented 2 years ago

Good point, we've just assumed that the `>=` dependency as it is at the moment is good enough. That isn't the case for something such as this.

We have scripts which can update all of the distribution repos if you don't fancy changing them all, but if you do, it will be a lot of contributions to get you started in the OSS world :-).

jonathanloos commented 2 years ago

Hey @AllanJard! Wow, that was fast...

Although I do appreciate the exposure value for me of spraying PRs around, I don't think the juice is worth the squeeze. If you guys have a tool to automate this, by all means go ahead!

-Jon

AllanJard commented 2 years ago

Yup - we'll get it done :)

jonathanloos commented 2 years ago

@AllanJard do you have an estimated timeline for the fix? Don't mean to push, just trying to plan around this blocker.

AllanJard commented 2 years ago

We'll hopefully get the changes made today, but actually tagging and releasing everything might take a little while as this would be the only change.

AllanJard commented 2 years ago

That's it done (for example).

As we tag up new releases these will progress through. Until then, an npm install or update should be bringing in the latest versions (unless you have a lock file restricting it to an older version).
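The two points raised in this thread, that a `>=` range does not by itself guarantee the patched release and that a lock file can keep an older copy installed, can be checked mechanically. The following Node script is an added example, not code from the DataTables project; `FIXED` is the 1.11.3 release named in the issue, and the lock-file contents (including the 1.10.25 versions) are constructed for illustration.

```javascript
// Added example (not DataTables project code): two checks behind the
// ">=" and lock-file remarks above. FIXED is the patched release named
// in the issue; the sample lock-file contents below are constructed.
const FIXED = "1.11.3";

// Numeric comparison of dotted versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A range such as ">=1.10.0" or "^1.10.0" only fixes a lower bound, so it
// guarantees the patched release only when that bound is itself >= FIXED.
// Anything this simple parser does not recognise is treated as no guarantee.
function rangeGuaranteesFix(range, fixed = FIXED) {
  const m = /^(?:>=|\^|~)?\s*v?(\d+\.\d+\.\d+)$/.exec(range.trim());
  return m !== null && compareVersions(m[1], fixed) >= 0;
}

// Walk an npm lockfileVersion 2/3 "packages" map and report every resolved
// copy of datatables.net (top-level or nested) that is older than FIXED.
function findVulnerableLockEntries(lock, fixed = FIXED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isDataTables = /(^|\/)node_modules\/datatables\.net$/.test(path);
    if (isDataTables && meta.version && compareVersions(meta.version, fixed) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed lock file: the top-level copy is patched, but the wrapper
// package still carries a nested, older datatables.net that a plain
// "npm install" will keep until the lock file is refreshed.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/datatables.net": { version: "1.11.3" },
    "node_modules/datatables.net-bs4": { version: "1.10.25" },
    "node_modules/datatables.net-bs4/node_modules/datatables.net": { version: "1.10.25" },
  },
};

console.log(rangeGuaranteesFix(">=1.10.0"), findVulnerableLockEntries(sampleLock));
```

Running it prints `false` for the `>=1.10.0` range and lists the one nested copy that is still below 1.11.3.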

jonathanloos commented 2 years ago

Great, thank you!