Skip to content
This repository has been archived by the owner on Sep 3, 2022. It is now read-only.

pin trim version #219

Merged
merged 2 commits into from
Nov 25, 2020
Merged

pin trim version #219

merged 2 commits into from
Nov 25, 2020

Conversation

pooyaj
Copy link
Contributor

@pooyaj pooyaj commented Nov 25, 2020
edited
Loading

Description

This PR patches the ReDoS vulnerability with the trim package. This package was used in the following dependencies:

  • component-querystring
  • facade ( the version used by AJS classic )
    I have to go to the yarn resolution route, as the component-querystring hasn't published the updated package.

Test plan

Testing completed successfully using local unit tests;
Testing completed successfully using local e2e build of the final bundle;

Release plan

Checklist

  • Thorough explanation of the issue/solution, and a link to the related issue
  • CI tests are passing
  • Unit tests were written for any new code
  • Code coverage is at least maintained, or increased.

@pooyaj pooyaj requested a review from a team November 25, 2020 00:46
@pooyaj pooyaj merged commit 3a0e777 into master Nov 25, 2020
@pooyaj pooyaj deleted the pj/patch_trim branch November 25, 2020 01:38
hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request Apr 16, 2021
@pooyaj @hbrls
pin trim version (segmentio#219)
4b779c6 
* pin trim version

* update History.md
hbrls pushed a commit to nice-fungal/analytics.js-core that referenced this pull request May 31, 2021
@pooyaj @hbrls
pin trim version (segmentio#219)
992a7f5 
* pin trim version

* update History.md
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@juliofarah juliofarah juliofarah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pooyaj @juliofarah