Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rspack v1.1.8 #23363

Merged
merged 1 commit into from
Dec 20, 2024
Merged

Rspack v1.1.8 #23363

merged 1 commit into from
Dec 20, 2024

Conversation

silamon
Copy link
Contributor

@silamon silamon commented Dec 20, 2024

Rspack have encountered an attack, @rspack/core and @rspack/cli 1.1.7 are vulnerable versions released by the attacker, and contain malicious scripts. Let's move it to the latest version before dependabot/renovate picks it up.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@rspack/cli (source) 1.1.6 -> 1.1.8 age adoption passing confidence
@rspack/core (source) 1.1.6 -> 1.1.8 age adoption passing confidence

@bramkragten
Copy link
Member

1.1.17 has been pulled, so we can not update to that version :-)

@silamon
Copy link
Contributor Author

silamon commented Dec 20, 2024

1.1.17 has been pulled, so we can not update to that version :-)

1.1.7 indeed, I'm opening a PR for 1.1.8 to give dependabot or renovate no chance to pick it up:
web-infra-dev/rspack#8767

@bramkragten
Copy link
Member

Yeah, I understand, but I mean renovate can not update to 1.1.7 anymore as it has been pulled 🙃

@bramkragten bramkragten merged commit 1f7929b into home-assistant:dev Dec 20, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants