You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flagon.apache.org by "Joshua Poore (JIRA)" <ji...@apache.org> on 2019/08/06 01:59:00 UTC
[jira] [Closed] (FLAGON-430) update rollup-plugin-license
[ https://issues.apache.org/jira/browse/FLAGON-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Poore closed FLAGON-430.
-------------------------------
Resolution: Fixed
> update rollup-plugin-license
> ----------------------------
>
> Key: FLAGON-430
> URL: https://issues.apache.org/jira/browse/FLAGON-430
> Project: Flagon
> Issue Type: Task
> Components: UserALE.js
> Affects Versions: UserALE.js 2.0.2
> Environment: node.js
> Reporter: Joshua Poore
> Assignee: Joshua Poore
> Priority: Major
> Fix For: UserALE.js 2.0.2
>
> Attachments: Screen Shot 2019-07-25 at 8.55.42 PM.png
>
>
> We have one remaining Prototype Pollution vulnerability in dev dependencies for builds. rollup-plugin-license needs to update to latest lodash patch version. I have opened a ticket on their boards. [https://github.com/mjeanroy/rollup-plugin-license/issues/422]. Will patch when new patch version is available.
>
> !Screen Shot 2019-07-25 at 8.55.42 PM.png!
>
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)