Upgrade y18n package to v4.0.1 #3634

kyoto · 2020-12-17T11:22:43Z

Upgrade y18n package (used by the React UI) from v4.0.0 to v4.0.1, which fixes CVE-2020-7774.

See https://github.com/yargs/y18n/blob/v4/CHANGELOG.md#401-2020-11-30

(Issue is also fixed in y18n v5.0.5)

This is the same issue as prometheus/prometheus#8282

kakkoyun · 2020-12-17T11:38:19Z

@kyoto Thanks for opening this. We should take care of it. Help wanted.
Also, it's curious that we haven't alerted by the dependabot?

stale · 2021-02-15T14:04:57Z

Hello 👋 Looks like there was no activity on this issue for the last two months.
Do you mind updating us on the status? Is this still reproducible or needed? If yes, just comment on this PR or push a commit. Thanks! 🤗
If there will be no activity in the next two weeks, this issue will be closed (we can always reopen an issue if we need!). Alternatively, use remind command if you wish to be reminded at some point in future.

kyoto · 2021-03-16T01:34:57Z

This was fixed by #3813

kakkoyun added bug component: UIs/ReactJS help wanted labels Dec 17, 2020

spaparaju mentioned this issue Feb 4, 2021

upgrade package y18n to version: 4.0.1 #3770

Closed

2 tasks

stale bot added the stale label Feb 15, 2021

onprem removed the stale label Feb 18, 2021

kyoto closed this as completed Mar 16, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade y18n package to v4.0.1 #3634

Upgrade y18n package to v4.0.1 #3634

kyoto commented Dec 17, 2020 •

edited

Loading

kakkoyun commented Dec 17, 2020

stale bot commented Feb 15, 2021

kyoto commented Mar 16, 2021

Upgrade y18n package to v4.0.1 #3634

Upgrade y18n package to v4.0.1 #3634

Comments

kyoto commented Dec 17, 2020 • edited Loading

kakkoyun commented Dec 17, 2020

stale bot commented Feb 15, 2021

kyoto commented Mar 16, 2021

kyoto commented Dec 17, 2020 •

edited

Loading