Skip to content

Commit

Permalink
chore: upgrade lerna to fix CVE with tar dependency (#4555)
Browse files Browse the repository at this point in the history 
See GHSA-f5x3-32g6-xq36
The affected version of `tar` is only used in build tooling, i.e. no risk to published packages.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license].

[Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0
  • Loading branch information
@mrgrain
mrgrain committed Jun 26, 2024
1 parent b4cc08c commit 7b91e7a
Show file tree
Hide file tree
Showing 2 changed files with 606 additions and 635 deletions.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"jest-circus": "^28.1.3",
"jest-config": "^28.1.3",
"jest-expect-message": "^1.1.3",
"lerna": "^8.1.2",
"lerna": "^8.1.5",
"prettier": "^3.2.5",
"standard-version": "^9.5.0",
"ts-node": "^10.9.2",
Expand Down

0 comments on commit 7b91e7a

Please sign in to comment.