
Fixes #2616: Update insecure minimist dependency version

Open · IceCreamYou opened this issue 2 years ago • 3 comments

Fixes this security advisory: https://github.com/advisories/GHSA-xvch-5gv4-984h

I reviewed the commits between minimist versions and didn't see anything that looked like it would cause compatibility issues with the one place this dependency is used here, but I did not test exhaustively that the upgrade did not break things.

IceCreamYou, Apr 01 '22 07:04

@IceCreamYou the contributing guidelines specified a feature branch in the fork; not sure if the maintainers will consider master as a feature branch? Maintainers: Is there a standard practice for testing dependency updates thoroughly? I'm guessing you're looking for more than running the tests?

amark-axcient, Apr 07 '22 16:04

The branch used in my fork makes no difference here. Feature branches are recommended because that'd be needed if I had multiple PRs open at once.

IceCreamYou, Apr 07 '22 17:04

Semantics: they specifically ask that contributors create a new topic branch, and I was trying to determine if that could be why this PR isn't being reviewed.

amark-axcient, Apr 07 '22 18:04