Update modules, vulnerability error #8263
Conversation
Update modules, vulnerability error when check dependencies Xray scan found vulnerability error in `handlebars` lib https://jfrog.com/integration/npm-xray/
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need the corporate CLA signed. If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
|
@scotthovestadt review please thanks! |
|
You'll need to update the lock file as well. |
|
And sign the CLA |
|
Note that the change in this PR will never be visible outside of this repo, so it's not really an issue at all, the published modules were fixed a couple of months ago by #7904, released in 24.3.0 |
I checked yarn.lock the same not need to update |
|
What's the status on this? The latest version of jest still has this vulnerability. |
|
which vulnerabilities? Again, this PR changes nothing for the published version of Jest |
I found this issue because I got an automated alert from github that handlebars 4.1.1 had a security vulnerability. When I did a |
|
Just upgrade it then. Easiest is probably to delete the whole |
|
With ^ I bumped the version in the published package from Jest. That won't be get a release anytime soon though, so your better of running |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Update modules, vulnerability error when check dependencies
Xray scan found vulnerability error in
handlebarslibhttps://jfrog.com/integration/npm-xray/