You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flagon.apache.org by "Joshua Poore (JIRA)" <ji...@apache.org> on 2019/08/06 01:59:00 UTC

[jira] [Commented] (FLAGON-430) update rollup-plugin-license

    [ https://issues.apache.org/jira/browse/FLAGON-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16900536#comment-16900536 ] 

Joshua Poore commented on FLAGON-430:
-------------------------------------

updated to 0.10.0 in package.json

> update rollup-plugin-license
> ----------------------------
>
>                 Key: FLAGON-430
>                 URL: https://issues.apache.org/jira/browse/FLAGON-430
>             Project: Flagon
>          Issue Type: Task
>          Components: UserALE.js
>    Affects Versions: UserALE.js 2.0.2
>         Environment: node.js
>            Reporter: Joshua Poore
>            Assignee: Joshua Poore
>            Priority: Major
>             Fix For: UserALE.js 2.0.2
>
>         Attachments: Screen Shot 2019-07-25 at 8.55.42 PM.png
>
>
> We have one remaining Prototype Pollution vulnerability in dev dependencies for builds. rollup-plugin-license needs to update to latest lodash patch version. I have opened a ticket on their boards. [https://github.com/mjeanroy/rollup-plugin-license/issues/422]. Will patch when new patch version is available.
>  
> !Screen Shot 2019-07-25 at 8.55.42 PM.png!
>  



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)