chore(deps): update Lerna-Lite to fix git-url vulnerability issue#13290
chore(deps): update Lerna-Lite to fix git-url vulnerability issue#13290SimenB merged 3 commits intojestjs:mainfrom ghiscoding:chore/update-lerna-lite
git-url vulnerability issue#13290Conversation
- Dependency `parse-url` prior to 8.1.0 suffers from [CVE-2022-2900](https://nvd.nist.gov/vuln/detail/CVE-2022-2900#vulnCurrentDescriptionTitle).
|
Hi @ghiscoding! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
|
not sure how long it takes for the CLA to pass but anyway I did sign it after creating the PR |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Summary
Dependency
parse-urlprior to 8.1.0 suffers from CVE-2022-2900.git-url-parseas dependency of@lerna-lite/coreshould be upgraded to v13, henceparse-url^8.1.0.Test plan
no unit tests required