
fix(deps): bump Octokit deps to mitigate ReDos vulnerability #514

Merged
merged 1 commit into from
Feb 15, 2025

Conversation

wolfy1339
Member

Resolves #ISSUE_NUMBER
Before the change?

After the change?

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No

@wolfy1339 wolfy1339 added the Type: Maintenance Tests, Refactorings, Automation, etc label Feb 14, 2025
@wolfy1339 wolfy1339 requested a review from gr2m February 14, 2025 21:53

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@gr2m gr2m merged commit 6408ccb into main Feb 15, 2025
9 checks passed
@gr2m gr2m deleted the bump-octokit branch February 15, 2025 00:09

🎉 This PR is included in version 8.1.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

@gr2m
Contributor

gr2m commented Feb 15, 2025

FYI, if folks have automated dependency updates via Dependabot or Renovate set up, they will get pull requests that update dependencies down the dependency tree by only updating the lock file (for security advisories). There is less need to do these releases that only update dependencies, but they are still helpful to have of course. Thank you for all your help!

@wolfy1339
Member Author

I'm aware of renovate and dependabot.

It's also more for users using ESM.sh, so that the whole dependency tree gets updated.

Labels
released Type: Maintenance Tests, Refactorings, Automation, etc
Projects
Status: ✅ Done