calvinmetcalf / copyfiles

copy files on the command line
MIT License

Fix: Upgrade yargs to ^16.0.0 #96

Open smeltofelderberries opened 3 years ago

smeltofelderberries commented 3 years ago

Hi,

There is a patch to a high severity vulnerability available for yargs. Can you please update to version ^16.0.0 or so? It would resolve CVE-2020-7774.

https://snyk.io/test/npm/yargs/15.3.1

Thank you in advance!

calvinmetcalf commented 3 years ago

This isn't actually a high severity bug here, so I'll get around to this today or tomorrow. Feel free to open a pull request if you want to speed things along.

arielperez82 commented 3 years ago

@calvinmetcalf, I have a PR for this, which also resolves the Prototype Pollution vulnerability in y18n by upgrading to yargs 16.1.1.

All tests pass.


If you provide me the appropriate access rights, I can push up my branch and open a PR.

calvinmetcalf commented 3 years ago

You don't need any rights to open up a PR; just open it from your forked version to mine.

arielperez82 commented 3 years ago

Ah, that's the rub. I never forked it. Just pulled down your repo and tried to create a branch.

I've attached the patch file here.

If that doesn't work, I can fork and open the PR.

Cheers.


calvinmetcalf commented 3 years ago

OK, pushed up a fix; will publish when tests pass.


arielperez82 commented 3 years ago

Awesome. Thanks.

I ran them locally and all looked good.


wickedest commented 3 years ago

Note that this change should be a breaking change. Previously, copyfiles would work on node 8.x as it was using yargs 15.3.1, which was using engines >= 8 (https://github.com/yargs/yargs/blob/v15.3.1/package.json#L75). Now, copyfiles uses yargs 16.1.0, using engines >= 10 (https://github.com/yargs/yargs/blob/v16.1.0/package.json#L117).

arielperez82 commented 3 years ago

Good callout Jamie.

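As an added example, not code from the copyfiles project or from anyone in this thread: a small Node script that flags the situation Jamie describes, a dependency bump whose engines.node range requires a newer Node than the root package promises. The root range '>= 8' for copyfiles is an assumption; the yargs ranges are the ones quoted above for 15.3.1 and 16.1.0.

```javascript
'use strict';

// Lowest Node major an engines.node range admits. Handles the common shapes
// (">= 8", ">=10.0.0", "^12.20.0 || >=14", "*"); anything it cannot parse
// yields null so the caller flags it for manual review instead of passing it.
function minNodeMajor(range) {
  if (range === undefined || range === null || range.trim() === '*') return 0;
  const mins = [];
  for (const alt of range.split('||')) {
    const m = alt.trim().match(/^(?:>=?|\^|~)?\s*v?(\d+)(?:\.\d+){0,2}/);
    if (!m) return null;
    mins.push(Number(m[1]));
  }
  return Math.min(...mins);
}

// deps: { name: { version, engines } }, as read from each installed package.json.
// Returns every dependency whose minimum Node major is above the one the root
// package declares, i.e. a bump that silently drops a supported Node line.
function engineRegressions(rootRange, deps) {
  const rootMin = minNodeMajor(rootRange);
  const out = [];
  for (const [name, info] of Object.entries(deps)) {
    const node = info.engines && info.engines.node;
    const depMin = minNodeMajor(node);
    if (depMin === null || depMin > rootMin) {
      out.push({ name, version: info.version, requires: node || '(unparsed)', rootAllows: rootRange });
    }
  }
  return out;
}

// Constructed data: the root range is assumed for copyfiles; the yargs ranges
// are the ones quoted in the thread for 15.3.1 and 16.1.0.
const ROOT_ENGINES = '>= 8';
const BEFORE = { yargs: { version: '15.3.1', engines: { node: '>= 8' } } };
const AFTER = { yargs: { version: '16.1.0', engines: { node: '>= 10' } } };

// Human-readable summary for one dependency set.
function report(label, deps) {
  const bad = engineRegressions(ROOT_ENGINES, deps);
  return `${label}: ${bad.length ? JSON.stringify(bad) : 'no engines regression'}`;
}

console.log(report('before upgrade', BEFORE));
console.log(report('after upgrade', AFTER));
```

Pointing it at a real tree means reading each node_modules/<name>/package.json into the `deps` shape; the check itself does not change.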