diff options
author | Takuya Noguchi <takninnovationresearch@gmail.com> | 2019-07-01 18:49:53 +0900 |
---|---|---|
committer | Takuya Noguchi <takninnovationresearch@gmail.com> | 2019-07-01 18:56:28 +0900 |
commit | e549a7fb1f364395c20522e5395e22a2bf434ed0 (patch) | |
tree | 694756dec5e37b955bd4bdd28a8ea650eb0baadb /changelogs | |
parent | 8775e4a1faf13a01451e71ea9ef729dc52e6d3c1 (diff) | |
download | gitlab-ce-e549a7fb1f364395c20522e5395e22a2bf434ed0.tar.gz |
Update mixin-deep to 1.3.2
To address a Prototype Pollution vulnerability,
which exists in `mixin-deep` package, versions
`>=2.0.0 <2.0.1 || <1.3.2` (CVE-2019-10746).
- Diff: https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2
- Synk ID: https://app.snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml b/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml new file mode 100644 index 00000000000..a0ef34f3700 --- /dev/null +++ b/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml @@ -0,0 +1,5 @@ +--- +title: Update mixin-deep to 1.3.2 +merge_request: 30223 +author: Takuya Noguchi +type: other |