search

kurttheviking / git-rev-sync-js

Synchronously get the current git commit hash, tag, or branch
MIT License
171 stars 58 forks source link

Bump version of shelljs to avoid vulnerability #66

Closed TimothyJones closed 2 years ago

TimothyJones commented 2 years ago

See https://security.snyk.io/vuln/SNYK-JS-SHELLJS-2332187

TimothyJones commented 2 years ago

Hi! I have a project that depends on this, and there has recently been a high severity vulnerability disclosed affecting versions of shelljs < 0.8.5.

This project used 0.8.4, and the upgrade to the latest (0.8.5) was a non-breaking change.

All the tests pass, please let me know if there's anything I can do to help get this released.

akerpelm commented 2 years ago

LGTM. @kurttheviking is it possible to merge this PR and therefore close out this vulnerability? Thanks!

kurttheviking commented 2 years ago

released as git-rev-sync@3.0.2, ptal -- thanks!

akerpelm commented 2 years ago

excellent, thank you Kurt!