Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[__tests__] npm upgrade cross-spawn #6856

Merged
merged 1 commit into from
Nov 22, 2024
Merged

[__tests__] npm upgrade cross-spawn #6856

merged 1 commit into from
Nov 22, 2024

Conversation

potatowagon
Copy link
Contributor

Address security vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21538

Package Dependency
Repository: facebook/lexical
Manifest file: scripts/tests/integration/fixtures/lexical-esm-astro-react/package-lock.json
Package name: cross-spawn
Affected versions: >= 7.0.0, < 7.0.5
Fixed in version: 7.0.5
Severity: HIGH

Copy link

vercel bot commented Nov 22, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
lexical ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 22, 2024 5:09am
lexical-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 22, 2024 5:09am

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Nov 22, 2024
Copy link

size-limit report 📦

Path Size
lexical - cjs 30.94 KB (0%)
lexical - esm 30.8 KB (0%)
@lexical/rich-text - cjs 39.6 KB (0%)
@lexical/rich-text - esm 32.66 KB (0%)
@lexical/plain-text - cjs 38.2 KB (0%)
@lexical/plain-text - esm 29.92 KB (0%)
@lexical/react - cjs 41.37 KB (0%)
@lexical/react - esm 34 KB (0%)

@potatowagon potatowagon added this pull request to the merge queue Nov 22, 2024
Merged via the queue into main with commit fe4f5b8 Nov 22, 2024
36 of 41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants