Posted to dev@flagon.apache.org by "Joshua Poore (JIRA)" <ji...@apache.org> on 2019/07/26 01:27:00 UTC

[jira] [Created] (FLAGON-423) Update Package File to Fix Down Stream Dependencies

Joshua Poore created FLAGON-423:
-----------------------------------

             Summary: Update Package File to Fix Down Stream Dependencies
                 Key: FLAGON-423
                 URL: https://issues.apache.org/jira/browse/FLAGON-423
             Project: Flagon
          Issue Type: Sub-task
          Components: UserALE.js
    Affects Versions: UserALE.js 2.0.0, UserALE.js 2.0.1
         Environment: node.js
            Reporter: Joshua Poore
            Assignee: Joshua Poore
             Fix For: UserALE.js 2.0.1, UserALE.js 2.0.0


Because the Prototype Pollution vulnerability is so pervasive, npm is rolling back their "immutable" registry policy to allow for fixes to previous versions of ubiquitous dependencies (set-value, mixit, lodash). These fixes will bubble up to existing versions of major userale.js dev dependencies (gulp, nodemon, babel, etc., etc.). However, as the registry will accept changes to prior versions of dependencies, the hashes on these dependencies will change. This requires that we regenerate our package.json file. 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)