Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade: bump inquirer to ^7.0.0 #12440

Merged
merged 1 commit into from Oct 17, 2019
Merged

Upgrade: bump inquirer to ^7.0.0 #12440

merged 1 commit into from Oct 17, 2019

Conversation

josgraha
Copy link
Contributor

What is the purpose of this pull request? (put an "X" next to item)
Bump inquirer package to ^7.0.0 because 6.x depends on lodash@4.17.12 which has Snyk Issue

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[x] Other, please explain:
Bump inquirer package to ^7.0.0 because 6.x depends on lodash@4.17.12 which has Snyk Issue

What changes did you make? (Give an overview)

Is there anything you'd like reviewers to focus on?

@jsf-clabot
Copy link

jsf-clabot commented Oct 15, 2019
edited

CLA assistant check
All committers have signed the CLA.

@eslint-deprecated eslint-deprecated bot added the triage An ESLint team member will look at this issue soon label Oct 15, 2019
@platinumazure platinumazure added cli Relates to ESLint's command-line interface upgrade This change is related to a dependency upgrade and removed triage An ESLint team member will look at this issue soon labels Oct 15, 2019
@platinumazure
Copy link
Member

Hi @josgraha, thanks for the PR!

I want to test this locally tonight, then I'll approve the changes. I'll leave this open in case others want to review.

@platinumazure
Copy link
Member

Note to merger: Commit message needs to start with "Upgrade:"

platinumazure
platinumazure approved these changes Oct 16, 2019
View reviewed changes
Copy link
Member

@platinumazure platinumazure left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks for contributing!

@josgraha
Copy link
Contributor Author

josgraha commented Oct 17, 2019
edited

I'm sorry folks but I misread the Snyk Issue which only applies to lodash prior to 4.17.12, I don't think this is required unless we just want to upgrade to the latest lodash in transitive dependencies

@platinumazure
Copy link
Member

Hi @josgraha, thanks for following up.

I think we can accept this upgrade anyway as it's pretty low risk, and dependency upgrades are something we sometimes struggle with here. So, I appreciate this contribution nonetheless. Thanks!

@g-plane g-plane changed the title [Security] bump inquirer to ^7.0.0 Upgrade: bump inquirer to ^7.0.0 Oct 17, 2019
@platinumazure platinumazure merged commit 561093f into eslint:master Oct 17, 2019
@josgraha josgraha deleted the security/inquirer branch October 17, 2019 14:56
This was referenced Nov 9, 2019
Open
Open
@snyk-bot snyk-bot mentioned this pull request Nov 21, 2019
Merged
@snyk-bot snyk-bot mentioned this pull request Dec 1, 2019
Merged
@snyk-bot snyk-bot mentioned this pull request Feb 13, 2020
Merged
@snyk-bot snyk-bot mentioned this pull request Feb 27, 2020
Merged
@a-martynovich a-martynovich mentioned this pull request Mar 10, 2020
Merged
This was referenced Mar 11, 2020
Merged
Open
This was referenced Mar 26, 2020
Merged
Merged
Merged
Open
This was referenced Apr 3, 2020
Merged
Merged
@eslint-deprecated eslint-deprecated bot locked and limited conversation to collaborators Apr 16, 2020
@eslint-deprecated eslint-deprecated bot added the archived due to age This issue has been archived; please open a new issue for any further discussion label Apr 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@platinumazure platinumazure platinumazure approved these changes

@kaicataldo kaicataldo kaicataldo approved these changes

Assignees
No one assigned
Labels
archived due to age This issue has been archived; please open a new issue for any further discussion cli Relates to ESLint's command-line interface upgrade This change is related to a dependency upgrade
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@josgraha @jsf-clabot @platinumazure @kaicataldo