Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update karma and webpack-stream packages to address vulnerabilities #3966

Merged
merged 1 commit into from
Jul 16, 2019

Conversation

Fawke
Copy link
Contributor

@Fawke Fawke commented Jul 4, 2019

Type of change

  • Build related changes

Description of change

Update the karma and webpack-stream packages to address vulnerability in package braces, a nested dependency used by both the packages. The details of vulnerability can be found here.

Since the fix involves a major version upgrade (karma, v3.1.4 -> v4.1.0 & webpack-stream, v3.2.0 -> v5.2.1), it can be a potentially breaking change. Hence, care has been taken to make sure, gulp serve, gulp test and gulp build commands are working as expected.

@Fawke Fawke requested review from jsnellbaker and removed request for jsnellbaker July 4, 2019 11:04
@Fawke Fawke requested a review from robertrmartinez July 15, 2019 14:37
@Fawke Fawke added the needs 2nd review Core module updates require two approvals from the core team label Jul 15, 2019
@Fawke Fawke merged commit 6399ab1 into master Jul 16, 2019
jsnellbaker added a commit that referenced this pull request Jul 16, 2019
jsnellbaker added a commit that referenced this pull request Jul 16, 2019
leonardlabat pushed a commit to criteo-forks/Prebid.js that referenced this pull request Jul 30, 2019
leonardlabat pushed a commit to criteo-forks/Prebid.js that referenced this pull request Jul 30, 2019
VideoReach pushed a commit to VideoReach/Prebid.js that referenced this pull request Aug 1, 2019
VideoReach pushed a commit to VideoReach/Prebid.js that referenced this pull request Aug 1, 2019
sa1omon pushed a commit to gamoshi/Prebid.js that referenced this pull request Nov 28, 2019
sa1omon pushed a commit to gamoshi/Prebid.js that referenced this pull request Nov 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs 2nd review Core module updates require two approvals from the core team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants