Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need to Bump js-yaml from 3.12.1 to 3.13.1 in /sdks/nodejs #868

Closed
markmandel opened this issue Jul 3, 2019 · 1 comment · Fixed by #945
Closed

Need to Bump js-yaml from 3.12.1 to 3.13.1 in /sdks/nodejs #868

markmandel opened this issue Jul 3, 2019 · 1 comment · Fixed by #945
Assignees
Labels
area/security Issues pertaining to security area/user-experience Pertaining to developers trying to use Agones, e.g. SDK, installation, etc
Milestone

Comments

@markmandel
Copy link
Member

2 js-yaml vulnerabilities found in …/nodejs/package-lock.json 28 days ago
Remediation
Upgrade js-yaml to version 3.13.1 or later. For example:

"dependencies": {
  "js-yaml": ">=3.13.1"
}

or…

"devDependencies": {
  "js-yaml": ">=3.13.1"
}

WS-2019-0032
WS-2019-0063

@markmandel markmandel added the area/security Issues pertaining to security label Jul 3, 2019
@markmandel
Copy link
Member Author

/cc @KamiShepard @steven-supersolid - figure you might want to know about this, since you use this the most (I think)

@roberthbailey roberthbailey self-assigned this Jul 24, 2019
@markmandel markmandel added the area/user-experience Pertaining to developers trying to use Agones, e.g. SDK, installation, etc label Jul 24, 2019
@markmandel markmandel added this to the 0.12.0 milestone Aug 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/security Issues pertaining to security area/user-experience Pertaining to developers trying to use Agones, e.g. SDK, installation, etc
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants