Bump immer version for fixing security issue #10791
Conversation
Bump immer minor version to fix `Prototype Pollution` Security issue.
shamprasadrh
requested review from
ianschmitz,
iansu,
mrmckeb and
petetnt
as code owners
|
Hi @shamprasadrh! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
|
@shamprasadrh are you also getting an audit warning for |
yes, but I have not worked on this repo before. |
No I am not getting that issue. |
|
Thanks! |
* Revert "Revert "Update postcss packages" (#10216)" This reverts commit 3968923. * Revert "Update postcss packages" (#10216) This reverts commit 580ed5d. * Update postcss and loader * Update fork-ts-checker-webpack-plugin@5.2.1 References: * [hook rename](TypeStrong/fork-ts-checker-webpack-plugin#490) * [include/exclude](TypeStrong/fork-ts-checker-webpack-plugin#450) and [issue options](https://github.com/TypeStrong/fork-ts-checker-webpack-plugin#issues-options) * [release notes 5.0.0](https://github.com/TypeStrong/fork-ts-checker-webpack-plugin/releases/tag/v5.0.0) * Update fork-ts-checker-webpack-plugin 6.0.5 * Add css-minimizer-webpack-plugin@1.1.5 remove Add css-minimizer-webpack-plugin@1.1.5 Remove optimize-css-assets-webpack-plugin and postcss-safe-parser References: * https://webpack.js.org/plugins/css-minimizer-webpack-plugin/ * Add support for Webpack 5 message objects * Update WebpackManifestPlugin to v3.0.0 * Support both "SingleEntryPlugin" and "EntryPlugin" * Support Webpack 5 IgnorePlugin signature Reference: * https://webpack.js.org/plugins/ignore-plugin/#example-of-ignoring-moment-locales * #10006 * Update webpack and dev server * Enable persistent cache * Fix react-error-overlay webpack * Fix dev server config * Remove support for SingleEntryPlugin * update workbox-webpack-plugin * Fix post css config * Comment out WebpackManifestPlugin for now having issues with undefined path * Add fast refresh entries to ModuleScopePlugin * Format files * Remove unused variables in start command * git ignore tsconfig.tsbuildinfo supporting incremental typescript builds * simplify output path review feedback from @kumarlachhani * Use asset modules in react-scripts * Use asset modules in react-error-overlay * eslint-config-react-app typo fix (#10317) This just fixes a shell snippet in the readme file for this plugin * Fix link address (#10907) Replace the Github home link with a link to the repo's main page or a link to the source (https://github.com/CodeByZach/pace/blob/master/pace.js) * Bump immer version for fixing security issue (#10791) Bump immer minor version to fix `Prototype Pollution` Security issue. * test(create-react-app): add integration tests (#10381) * Revert "Use asset modules in react-error-overlay" This reverts commit 952f896. * Disable broken tests for now * Revert source-map bump in react-error-overlay * JSON is using default export * Webpack config: Remove invalid parser configuration * Fix issue with ModuleScope and babel runtime * Fix svgr configuration * Webpack config svg use file-loader instead of url-loader * Update postcss-normalize * Fix asset output name * Update test matrix using node 12+14 postcss normalize only support node >=12 * Fix file output extension * Align assetModuleFilename * pipeline update configuration names * Add back webpack-manifest-plugin * Fix kitchen sink get actual href value .href is prefixed with http://localhost etc. * Update kitchen sink test to webpack 5 asset modules * Let webpack handle global this * Fix eject copy config/webpack/persistentCache folder * Move tsbuildinfo into cache folder * Update dependencies * Update webpack-dev-server to beta.3 * Compilation.modules changed to type Set reference: comment by @slorber #9994 (comment) * Format JsonInclusion.js using prettier * Run prettier on webpack dev server config * Enable e2e behavior tests using node 12+14 * Comment out e2e behavior tests for now * Add experimental support for module federation * Fix missing wds socket path update accordingly to review by @xiaokekeT * Revert "Add experimental support for module federation" This reverts commit 8fdc63b. Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> Co-authored-by: jasonwilliams <jase.williams@gmail.com> Co-authored-by: Joseph Atkins-Turkish <spacerat3004@gmail.com> Co-authored-by: e-w-h <46170930+e-w-h@users.noreply.github.com> Co-authored-by: Shamprasad RH <shamprasad.rh@mail.weir> Co-authored-by: James George <jamesgeorge998001@gmail.com>
Bump immer minor version to fix `Prototype Pollution` Security issue.
Bump immer minor version to fix `Prototype Pollution` Security issue.
Bump immer minor version to fix `Prototype Pollution` Security issue.
Bump immer minor version to fix
Prototype PollutionSecurity issue.