wpengine / github-action-wpe-site-deploy

A GitHub Action to deploy code directly to WP Engine.
MIT License
173 stars, 36 forks

[CICD-381] Bump @changesets/cli > 2.26.2 (resolve semver vuln) #75

Closed sarahricker closed 1 year ago

sarahricker commented 1 year ago

JIRA Ticket

CICD-381

What Are We Doing Here

Here is where you should describe the problem you are solving, adding any fine details on the solution that might otherwise not be recognizable for someone unfamiliar with the changes. Add some pictures if it helps.

Bump @changesets/cli > 2.26.2 to resolve the semver vulnerability

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patched versions: 7.5.2, 6.3.1, 5.7.2
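
A lockfile check for the version ranges quoted in the description above, added here as an example (not code from this PR or repository). It assumes an npm `package-lock.json` with `lockfileVersion` 2 or 3; the sample lockfile and the `pkg-*` names are constructed.

```javascript
// Fixed release for the branch a version belongs to, per the advisory text:
// 7.x -> 7.5.2, 6.x -> 6.3.1, all other versions -> 5.7.2.
function patchedFor(major) {
  if (major === 7) return [7, 5, 2];
  if (major === 6) return [6, 3, 1];
  return [5, 7, 2];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when an installed semver version predates the fix for its branch.
function isVulnerableSemver(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable: flag for manual review
  const v = m.slice(1, 4).map(Number);
  const cmp = compare(v, patchedFor(v[0]));
  // A prerelease of the fixed version sorts before it, so treat it as unpatched.
  return cmp < 0 || (cmp === 0 && m[4] !== undefined);
}

// Walk the "packages" map of a parsed lockfile and report every nested or
// top-level copy of semver that is still in a vulnerable range.
function findVulnerableSemver(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/semver")) continue;
    if (isVulnerableSemver(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (hypothetical package names).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-project" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/pkg-a/node_modules/semver": { version: "5.7.1" },
    "node_modules/pkg-b/node_modules/semver": { version: "6.3.0" },
    "node_modules/pkg-c/node_modules/semver": { version: "5.7.2" },
  },
};
console.log(findVulnerableSemver(sampleLock));
```

Nested copies matter here: a patched top-level `semver` does not replace an older copy pinned under a dependency's own `node_modules`.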

changeset-bot[bot] commented 1 year ago

🦋 Changeset detected

Latest commit: 93e20a983bb93f3de8cdc6df664fee03d6d2c31b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name | Type |
| --------------------------------------- | ----- |
| @wpengine/github-action-wpe-site-deploy | Patch |
