Dependency update for jest-reporters, addressing CVE-2022-25883#14401
Conversation
✅ Deploy Preview for jestjs ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
9a2831e to
6da7366
Compare
|
The fixed That said, happy to upgrade to the new major here regardless. Could you run |
7bbe8ce to
ddf8a7f
Compare
|
@SimenB I've added Changelog message and signed the EasyCLA (10 times now), but it doesn't seem to update. Then there seems to be a timeout test error https://github.com/jestjs/jest/actions/runs/5822710774/job/15788003352?pr=14401#step:7:121 |
- istanbul-lib-instrument updated from 5.10.0 to 6.0.0 - istanbul-lib-instrument dropping support for node 10 - fixing semver vuln. CVE-2022-25883
fe92f35 to
94c1216
Compare
|
@SimenB I've squashed changes. CLA is sloved. |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Summary
Addressing https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 for semver coming in fromistanbul-lib-instrument@^5.1.0 and below.
See: istanbuljs/istanbuljs#731
Test plan
Green CI.