Skip to content

require yarn 1.21.1 to avoid binary planting vuln #52899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 12, 2019
Merged

require yarn 1.21.1 to avoid binary planting vuln #52899

merged 1 commit into from
Dec 12, 2019

Conversation

@spalger
Copy link
Contributor

@spalger spalger commented Dec 12, 2019

To avoid https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli we should require yarn 1.21.1, which is the most recent version of Yarn.

@elasticmachine
Copy link
Contributor

elasticmachine commented Dec 12, 2019

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@spalger spalger marked this pull request as ready for review December 12, 2019 17:07
@elasticmachine
Copy link
Contributor

elasticmachine commented Dec 12, 2019

Pinging @elastic/kibana-operations (Team:Operations)

@spalger spalger added v6.8.6 release_note:skip Skip the PR/issue when compiling release notes labels Dec 12, 2019
@spalger spalger merged commit c8b42f0 into elastic:master Dec 12, 2019
This was referenced Dec 12, 2019
Merged
Merged
spalger pushed a commit to spalger/kibana that referenced this pull request Dec 12, 2019
require yarn 1.21.1 to avoid binary planting vuln (elastic#52899)
7608b8f
spalger pushed a commit to spalger/kibana that referenced this pull request Dec 12, 2019
require yarn 1.21.1 to avoid binary planting vuln (elastic#52899)
b74d171
spalger pushed a commit to spalger/kibana that referenced this pull request Dec 12, 2019
require yarn 1.21.1 to avoid binary planting vuln (elastic#52899)
c062820 
# Conflicts:
#	x-pack/package.json
@spalger spalger mentioned this pull request Dec 12, 2019
Merged
spalger pushed a commit that referenced this pull request Dec 12, 2019
[7.5] require yarn 1.21.1 to avoid binary planting vuln (#5289… (#52924)
0909af8 
* require yarn 1.21.1 to avoid binary planting vuln (#52899)

* force use of yarn 1.21.1
@spalger
Copy link
Contributor Author

spalger commented Dec 12, 2019

7.x/7.6: c95fa97
7.5: 0909af8
6.8: a174acf

@spalger spalger deleted the upgrade/yarn branch December 12, 2019 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbudz jbudz jbudz approved these changes

+1 more reviewer

@tylersmalley tylersmalley tylersmalley approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

release_note:skip Skip the PR/issue when compiling release notes Team:Operations Kibana-Operations Team v6.8.6 v7.5.1 v7.6.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@spalger @elasticmachine @tylersmalley @jbudz