Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update @octokit/request to ^5.6.3 to address a CVE #442

Merged
merged 4 commits into from Jan 26, 2022
Merged

Update @octokit/request to ^5.6.3 to address a CVE #442

merged 4 commits into from Jan 26, 2022

Conversation

eran-medan
Copy link
Contributor

@ghost ghost added this to Inbox in JS Jan 26, 2022
@wolfy1339 wolfy1339 added the Type: Bug Something isn't working as documented label Jan 26, 2022
@ghost ghost moved this from Inbox to Bugs in JS Jan 26, 2022
@wolfy1339
Copy link
Member

Can you also update package-lock.json

@wolfy1339 wolfy1339 merged commit 5c6c3a0 into octokit:master Jan 26, 2022
JS automation moved this from Bugs to Done Jan 26, 2022
@harringj
Copy link

harringj commented Jan 27, 2022
edited

Thanks for the quick patch! ❤️ Any idea when the next release will be cut, @wolfy1339 ?

@wolfy1339
Copy link
Member

A new release is cut every time a pull request is merged or commit is pushed that contains a fix, feature or breaking change.

The automated release process failed, and I don't have the credentials to cut a new release and push it to npm.

Also, the octokit modules are unmaintained.
For more information, check out this discussion, and subscribe for any further updates.

@eran-medan eran-medan deleted the patch-1 branch January 27, 2022 15:43
@eran-medan
Copy link
Contributor Author

Thanks for the update, I am contacting our GitHub account manager to get a formal response. This is a bit concerning to say the least...

@solvaholic solvaholic mentioned this pull request Feb 1, 2022
Closed
1 task
@github-actions
Copy link
Contributor

🎉 This PR is included in version 3.6.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

This was referenced Sep 6, 2022
Open
Open
This was referenced Sep 17, 2022
Open
Open
@NOUIY NOUIY mentioned this pull request Oct 1, 2022
Open
This was referenced Oct 3, 2022
Open
Open
This was referenced Oct 13, 2022
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wolfy1339 wolfy1339 wolfy1339 approved these changes

Assignees
No one assigned
Labels
Type: Bug Something isn't working as documented
Projects
No open projects
JS
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@eran-medan @wolfy1339 @harringj