Closed melanieseltzer closed 5 years ago
It seems like the compromised versions got unpublished, so this shouldnât be a big problem for us.
Ah phew. Yeah looks like flatmap-stream gets removed after doing a yarn install
. Probably not critical now but it probably wouldn't hurt to update ps-tree regardless.
@AWolf81 Created! #344
@AWolf81 CircleCI is failing again đ€ Also confused about the -8.4% diff, wasn't master just merged into this branch? So shouldn't coverage be the same since the only change here is package related?
@melanieseltzer it's failing because there is a small bug in master. Duplicate translateX
statement in Sidebar component - see a commit in feature-terminal-links
branch for how to fix it. translateX
is already handled in attrs
a few lines above - seems like this is from a merge and we haven't noticed that it was added.
Codecov not updated because of the failing test. Coverage should be OK after fixing that.
There is a security vulnerability affecting event-stream (see here).
It's recommended to upgrade to ps-tree@1.1.1+ which locks event-stream to 3.3.4 (before the vulnerability) - see here. Although they just released ps-tree@1.2.0 which is what I pinned here. But should we still use ps-tree@1.1.1 regardless?