Netflix-Skunkworks / Scumblr

Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results
Apache License 2.0

Bump nokogiri to a secure version #245

Closed greysteil closed 6 years ago

greysteil commented 6 years ago

Includes a fix for CVE-2018-8048.

sbehrens commented 6 years ago

Hi @greysteil, thanks for the fix. We have a few more third-party deps we'll need to upgrade as well; we just haven't had a chance to work through the migration.

greysteil commented 6 years ago

Rad. Would you be up for using Dependabot to get those updates done?

I wrote it and can help out, but it's got a few thousand users now so should be relatively smooth sailing. It's totally free for open source (obviously), and should save you some time.

You'd also be helping out the community by having it run on this repo - it collects the CI results from each update PR it creates to create a compatibility score for each new version. Having big open source repos with good test suites using it means we can then feed back any bugs in new versions to the maintainers, including a link to the test run as a reproduction case.