You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Antonio-Maranhao (via GitHub)" <gi...@apache.org> on 2023/06/26 14:47:24 UTC
[GitHub] [couchdb-fauxton] Antonio-Maranhao opened a new pull request, #1399: Fix: 'npm audit fix' changes for semver
Antonio-Maranhao opened a new pull request, #1399:
URL: https://github.com/apache/couchdb-fauxton/pull/1399
## Overview
Partially addresses vulnerability [CVE-2022-25883](https://github.com/advisories/GHSA-c2qf-rxjj-qqgw) on `semver` by running `npm audit fix`.
There are still many uses of `semver <7.5.2` but they're all from dev dependencies - i.e. the vulnerability will not affect a Fauxton build.
## Testing recommendations
CI passes
## GitHub issue number
n/a
## Related Pull Requests
n/a
## Checklist
- [x] Code is written and works correctly;
- [x] Changes are covered by tests;
- [ ] Documentation reflects the changes;
- [ ] Update [rebar.config.script](https://github.com/apache/couchdb/blob/main/rebar.config.script) with the correct tag once a new Fauxton release is made
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [couchdb-fauxton] Antonio-Maranhao merged pull request #1399: Fix: 'npm audit fix' changes for semver
Posted by "Antonio-Maranhao (via GitHub)" <gi...@apache.org>.
Antonio-Maranhao merged PR #1399:
URL: https://github.com/apache/couchdb-fauxton/pull/1399
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org