search

OfficeDev / Office-Addin-Scripts

A set of scripts and packages that are consumed in Office add-ins projects.
MIT License
156 stars 99 forks source link

[patch] Fix teamsfx-cli vulnerability #801

Closed millerds closed 1 year ago

millerds commented 1 year ago

Thank you for your pull request!

Please add '[major]', '[minor]', or [patch] to the title to indicate the impact the change has on the code. Please also provide the following information.

Change Description: Updating the version of teamsfx-cli to an alpha version that takes care of their vulnerability. Note that teams fx won't ship the fix until next month, but the vulnerability is a critical one, so we are taking this change now and that will have to make an update to the shipped version later.

  1. Do these changes impact command syntax of any of the packages? (e.g., add/remove command, add/remove a command parameter, or update required parameters) No.

  2. Do these changes impact documentation? (e.g., a tutorial on https://learn.microsoft.com/office/dev/add-ins/overview/office-add-ins) No.

If you answered yes to any of these please do the following:

Include 'Rick-Kirkham' in the review Make sure the README file is correct

Validation/testing performed: Used a test project with the updated office-addin-dev-settings package to run the add-in

millerds commented 1 year ago

Can I get a review?

timwan10 commented 1 year ago

Looks good. Just out of curiosity, are the changes in the .ts file done manually? or auto-generated?

millerds commented 1 year ago

Looks good. Just out of curiosity, are the changes in the .ts file done manually? or auto-generated?

The changes to package.json and publish.ts file are manual . . . the package-lock.json file is generated.