New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't use mongoose 5.10.7 #8278
Don't use mongoose 5.10.7 #8278
Conversation
resolved strapi#8066 Signed-off-by: Jonas De Kegel <jonas@fluid.desi>
Codecov Report
@@ Coverage Diff @@
## master #8278 +/- ##
==========================================
+ Coverage 33.02% 33.04% +0.01%
==========================================
Files 1219 1219
Lines 13568 13573 +5
Branches 1348 1348
==========================================
+ Hits 4481 4485 +4
- Misses 8205 8206 +1
Partials 882 882
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great thanks I was waiting for the release and didn't see it :)
This pull request has been mentioned on Strapi Community. There might be relevant details there: https://forum.strapi.io/t/new-release-strapi-v3-2-4-security-fix/509/1 |
resolves #8066
Signed-off-by: Jonas De Kegel jonas@fluid.desi
Description of what you did:
bumped mongoose to 5.10.8 as requested here AND manually ensure 5.10.7 was not used in yarn.lock (for some reason yarn kept resolving
^5.5.13
to 5.10.7 even though it was the only remaining 5.10.7 usage (it should've switched to 5.10.8); manually updating the yarn.lock did make yarn see this, also after subsequent changes (but it will be important to check this on merge if there are lock conflicts)