Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump vulnerable ua-parser-js version #3714

Merged
merged 1 commit into from
Oct 25, 2021
Merged

Conversation

hom3chuk
Copy link

There's a malicious ua-parser-js NPM takeover, this PR bumps ua-parser-js version to the safe 0.7.30.

Security advisory: GHSA-pjwm-rvh2-c87w
GH thread: faisalman/ua-parser-js#536

@google-cla
Copy link

google-cla bot commented Oct 25, 2021

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@hom3chuk
Copy link
Author

@googlebot I signed it!

Copy link
Collaborator

@devoto13 devoto13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!

@jginsburgn jginsburgn merged commit 6f2b2ec into karma-runner:master Oct 25, 2021
@karmarunnerbot
Copy link
Member

🎉 This PR is included in version 6.3.6 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants