Upgrade plist to v3.0.1 (CWE-400) #19243

Closed
wants to merge 1 commit into from

@rajivshah3 (Contributor) commented May 13, 2018

Motivation

Upgrades plist to v3.0.1 as the current version (v1.2.0) is vulnerable to a Regex DoS: https://snyk.io/vuln/npm:plist:20180219

Test Plan

Not necessary

Release Notes

[GENERAL] [BUGFIX][package.json] Upgrade plist to v3.0.1

@rajivshah3 requested a review from hramos as a code owner May 13, 2018 18:19
@facebook-github-bot added the CLA Signed label May 13, 2018
@react-native-bot added the Missing Changelog label May 13, 2018
@pull-bot

Warnings

⚠️ 🔒 package.json - Changes were made to package.json. This will require a manual import by a Facebook employee.

⚠️ 📋 Test Plan - This PR appears to be missing a Test Plan.

Generated by 🚫 dangerJS

@hramos (Contributor) commented May 14, 2018

Before I merge this, can you tell me why you think this does not need to be tested? Where is plist used? I am hesitant to land a PR that bumps a package by two major versions with no testing done.

@hramos removed the Missing Changelog label May 14, 2018
@react-native-bot added Missing Changelog ✅Test Plan and removed ✅Test Plan labels May 14, 2018
@rajivshah3 (Contributor Author)

@hramos I interpreted "Test Plan" to mean whether any changes to the tests need to be made. I tested these changes using yarn test and all of the related tests passed successfully.

@rajivshah3 (Contributor Author)

Closing in favor of #19373

@rajivshah3 closed this May 23, 2018