Skip to content

Update insecure dependencies (eslint, handlebars) #442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
geek merged 1 commit into from
Sep 15, 2015
Merged

Update insecure dependencies (eslint, handlebars) #442

geek merged 1 commit into from
Sep 15, 2015

Conversation

@fhemberger
Copy link
Contributor

@fhemberger fhemberger commented Sep 15, 2015

[email protected] (also used in eslint @1.3.1) requires [email protected], a
vulnerable version, see https://nodesecurity.io/advisories/module/uglify-js

This commit also addresses the changes introduced with the update of
both packages:

@fhemberger
Update insecure dependencies (eslint, handlebars)
df2b13e 
[email protected] (also used in eslint @1.3.1) requires [email protected], a
vulnerable version, see https://nodesecurity.io/advisories/module/uglify-js

This commit also addresses the changes introduced with the update of
both packages:

- eslint: Return the complete path of the linted file
  (see test/linters.js#30,51)
- handlebars: Depthed paths are now conditionally pushed on to the stack.
  (see handlebars-lang/handlebars.js#1028)
@hueniverse hueniverse added the dependency Update module dependency label Sep 15, 2015
@geek geek added this to the 5.16.2 milestone Sep 15, 2015
@geek geek self-assigned this Sep 15, 2015
@geek
Copy link
Member

geek commented Sep 15, 2015

@fhemberger thanks... happy to see eslint fixed that big bug on 1.4.0 :)

geek added a commit that referenced this pull request Sep 15, 2015
@geek
Merge pull request #442 from fhemberger/master
6169899 
Update insecure dependencies (eslint, handlebars)
@geek geek merged commit 6169899 into hapijs:master Sep 15, 2015
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@geek geek

Labels

dependency Update module dependency

Projects

None yet

Milestone

5.16.2

Development

Successfully merging this pull request may close these issues.

3 participants

@fhemberger @geek @hueniverse