Merged
Conversation
rekmarks
approved these changes
Jul 29, 2020
Gudahtt
added a commit
that referenced
this pull request
Jul 30, 2020
* origin/develop: (582 commits) Use async/await for seedPhraseVerifier.verifyAccounts (#9100) Use async/await for getRestrictedMethods (#9099) Update dependencies (#9105) update email us to contact us (#9104) Improve source maps (#9101) Update font family globally (#9073) rpc-cap@3.1.0 (#9103) Use environment variable for production Sentry DSN (#9097) Only log error on first occurrence of missing substitution (#9096) Use mixins for typography instead of placeholder selectors (#9072) Update css folder structure (#9071) Disable Sentry in development (#9095) Use environment variable for MetaMetrics project ID (#9094) Use development metametrics project during tests (#9093) json-rpc-engine@5.2.0 (#9091) fixup! call initializeProvider where necessary call initializeProvider where necessary Add euclid fontface (#9018) fix timing-reliant network controller test Robustify permissions controller requestUserApproval tests (#9064) ...
Gudahtt
pushed a commit
that referenced
this pull request
Aug 7, 2020
This change updates the following two dependencies to address high severity advisories in the production dependencies: * Use elliptic@6.5.3 * Use dot-prop@5.2.0 The public advisories: - `elliptic`: [npm](https://www.npmjs.com/advisories/1547) - `dot-prop`: [npm](https://www.npmjs.com/advisories/1213), [GHSA-ff7x-qrg7-qggm](GHSA-ff7x-qrg7-qggm) I don't believe there to be any functional changes here: - I don't think we hit any (important?) codepaths of the whole `ipld-zcash/zcash-bitcore-lib/elliptic` subtree of 3Box - `dot-prop` doesn't have a changelog but; - Looking through [`v3.0.0...v4.0.0`](sindresorhus/dot-prop@v3.0.0...v4.0.0) it would seem that the breaking change was requiring Node.js 4 ([`88b6eb6`](sindresorhus/dot-prop@88b6eb6)) - The only breaking change listed for [v5.0.0](https://github.com/sindresorhus/dot-prop/releases/tag/v5.0.0) was requiring Node.js 8.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR updates the following two dependencies to address high severity advisories in the production dependencies:
elliptic@6.5.3dot-prop@5.2.0The public advisories:
elliptic: npmdot-prop: npm, GHSA-ff7x-qrg7-qggmI don't believe there to be any functional changes here:
ipld-zcash/zcash-bitcore-lib/ellipticsubtree of 3Boxdot-propdoesn't have a changelog but;v3.0.0...v4.0.0it would seem that the breaking change was requiring Node.js 4 (88b6eb6)