chore: upgrade less which fixes a severity vulnerability #4411
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
CI fail: Please run |
bkcsoft
added
the
lgtm/need 2
Codecov Report
@@ Coverage Diff @@
## master #4411 +/- ##
=======================================
Coverage 20.06% 20.06%
=======================================
Files 153 153
Lines 30769 30769
=======================================
Hits 6174 6174
Misses 23652 23652
Partials 943 943Continue to review full report at Codecov.
|
lafriks
added
the
topic/build
lafriks
approved these changes
Jul 10, 2018
bkcsoft
added
lgtm/need 1
|
This looks like it only goes to less v3.5.3, but latest version of less is v3.6.0. There is a newer PR that goes to that version #4415 |
|
The latest version published 11 hours ago. If you want the latest version you can merge #4415 and ignore this one. :) |
|
Closing in favor of latest version |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upgrade less to the latest version due to npm found a severity vulnerability
➜ gitea git:(master) npm audit === npm audit security report === # Run npm update stringstream --depth 3 to resolve 1 vulnerability ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Out-of-bounds Read │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ stringstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ less [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ less > request > stringstream │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/664 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 1 moderate severity vulnerability in 85 scanned packages run `npm audit fix` to fix 1 of them.