fix(parse): enforce secure version of conventional-commits-parser (#…
…2776)

Ensure that installing `@commitlint/parse` will not accidentally depend
on an insecure version of `conventional-commits-parser` by requiring
v3.22.2 or above as a dependency.
tubbo authored Sep 28, 2021
1 parent 1c91003 commit a351801
Showing 2 changed files with 12 additions and 13 deletions.
2 changes: 1 addition & 1 deletion @commitlint/parse/package.json
@@ -40,7 +40,7 @@
"dependencies": {
"@commitlint/types": "^13.1.0",
"conventional-changelog-angular": "^5.0.11",
"conventional-commits-parser": "^3.0.0"
"conventional-commits-parser": "^3.2.2"
},
"gitHead": "70f7f4688b51774e7ac5e40e896cdaa3f132b2bc"
}
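Review bot: The `^3.2.2` floor covers only the dependency edge from `@commitlint/parse`; the yarn.lock section of this same commit still appears to keep a `conventional-commits-parser@^3.2.0` entry resolved to 3.2.1, so another dependent in the workspace can still install the older parser. If 3.2.1 is affected by the issue this commit responds to, refresh that lock entry or pin it from the root manifest (not visible here) with a yarn `resolutions` entry such as `"conventional-commits-parser": "^3.2.2"`. The page does not name the advisory, and the 3.2.2 lock entry still lists `trim-off-newlines "^1.0.0"`, so it is worth confirming against the advisory which package and version actually carry the fix.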
23 changes: 11 additions & 12 deletions yarn.lock
@@ -4038,31 +4038,30 @@ conventional-commits-filter@^2.0.7:
lodash.ismatch "^4.4.0"
modify-values "^1.0.0"

conventional-commits-parser@^3.0.0:
version "3.0.8"
resolved "https://registry.npmjs.org/conventional-commits-parser/-/conventional-commits-parser-3.0.8.tgz#23310a9bda6c93c874224375e72b09fb275fe710"
integrity sha512-YcBSGkZbYp7d+Cr3NWUeXbPDFUN6g3SaSIzOybi8bjHL5IJ5225OSCxJJ4LgziyEJ7AaJtE9L2/EU6H7Nt/DDQ==
conventional-commits-parser@^3.2.0:
version "3.2.1"
resolved "https://registry.npmjs.org/conventional-commits-parser/-/conventional-commits-parser-3.2.1.tgz#ba44f0b3b6588da2ee9fd8da508ebff50d116ce2"
integrity sha512-OG9kQtmMZBJD/32NEw5IhN5+HnBqVjy03eC+I71I0oQRFA5rOgA4OtPOYG7mz1GkCfCNxn3gKIX8EiHJYuf1cA==
dependencies:
JSONStream "^1.0.4"
is-text-path "^1.0.1"
lodash "^4.17.15"
meow "^5.0.0"
split2 "^2.0.0"
through2 "^3.0.0"
meow "^8.0.0"
split2 "^3.0.0"
through2 "^4.0.0"
trim-off-newlines "^1.0.0"

conventional-commits-parser@^3.2.0:
version "3.2.1"
resolved "https://registry.npmjs.org/conventional-commits-parser/-/conventional-commits-parser-3.2.1.tgz#ba44f0b3b6588da2ee9fd8da508ebff50d116ce2"
integrity sha512-OG9kQtmMZBJD/32NEw5IhN5+HnBqVjy03eC+I71I0oQRFA5rOgA4OtPOYG7mz1GkCfCNxn3gKIX8EiHJYuf1cA==
conventional-commits-parser@^3.2.2:
version "3.2.2"
resolved "https://registry.npmjs.org/conventional-commits-parser/-/conventional-commits-parser-3.2.2.tgz#190fb9900c6e02be0c0bca9b03d57e24982639fd"
integrity sha512-Jr9KAKgqAkwXMRHjxDwO/zOCDKod1XdAESHAGuJX38iZ7ZzVti/tvVoysO0suMsdAObp9NQ2rHSsSbnAqZ5f5g==
dependencies:
JSONStream "^1.0.4"
is-text-path "^1.0.1"
lodash "^4.17.15"
meow "^8.0.0"
split2 "^3.0.0"
through2 "^4.0.0"
trim-off-newlines "^1.0.0"

conventional-recommended-bump@^6.1.0:
version "6.1.0"