
folortin
Contributor

cross-spawn 7.0.6

@folortin folortin requested a review from a team as a code owner November 27, 2024 10:03

linux-foundation-easycla bot commented Nov 27, 2024

CLA Signed


The committers listed above are authorized under a signed CLA.

@eslint-github-bot

Hi @folortin!, thanks for the Pull Request

The pull request title isn't properly formatted. We ask that you update the pull request title to match this format, as we use it to generate changelogs and automate releases.

  • The commit message tag wasn't recognized. Did you mean "docs", "fix", or "feat"?
  • There should be a space following the initial tag and colon, for example 'feat: Message'.

To Fix: You can fix this problem by clicking 'Edit' next to the pull request title at the top of this page.

Read more about contributing to ESLint here

@folortin folortin changed the title cross-spawn 7.0.6 fix: cross-spawn 7.0.6 Nov 27, 2024

netlify bot commented Nov 27, 2024

Deploy Preview for docs-eslint canceled.

Name Link
🔨 Latest commit 67ba1ff
🔍 Latest deploy log https://app.netlify.com/sites/docs-eslint/deploys/6746ee78662d94000841022b

@eslint-github-bot eslint-github-bot bot added the bug ESLint is working incorrectly label Nov 27, 2024
@mdjermanovic
Member

Hi @folortin, thanks for the PR! Can you please fill out the PR template? Also, since this change is tagged as fix, can you provide more details on what problem it fixes?

@lumirlumir
Member

Hello, @mdjermanovic,

I believe this PR addresses a security vulnerability caused by the cross-spawn package.

When I run npm audit, I see a 'Severity: high' warning, as shown in the screenshot below.

image

@nzakas
Member

nzakas commented Dec 3, 2024

There is a security advisory for cross-spawn < 6.0.6, but that's a transitive dependency for ESLint, so not within our control. The version we are using, 7.0.5, does not have this vulnerability. So this is just a chore.

@nzakas nzakas changed the title fix: cross-spawn 7.0.6 chore: Upgrade cross-spawn to 7.0.6 Dec 3, 2024
@eslint-github-bot eslint-github-bot bot added the chore This change is not user-facing label Dec 3, 2024
@mdjermanovic
Member

Per the CHANGELOG, it also doesn't seem that any bugs or security issues were fixed in v7.0.6, compared to v7.0.5.

Either way, seems fine to merge this as a chore.

@mdjermanovic mdjermanovic merged commit cca801d into eslint:main Dec 3, 2024
26 checks passed
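
Added example (not part of the pull request or ESLint's code): the distinction drawn in the thread between the direct cross-spawn dependency and a transitive copy flagged by npm audit can be checked from a v2/v3 package-lock.json. The lockfile contents, the `legacy-tool` package and the function names are constructed for illustration; the `6.0.6` threshold is the one quoted in the discussion.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout); not ESLint's real lockfile.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "cross-spawn": "^7.0.5", "legacy-tool": "^1.0.0" } },
    "node_modules/cross-spawn": { version: "7.0.5" },
    "node_modules/legacy-tool": { version: "1.2.0", dependencies: { "cross-spawn": "^6.0.0" } },
    "node_modules/legacy-tool/node_modules/cross-spawn": { version: "6.0.5" },
  },
};

// Compare two plain x.y.z versions (no prerelease handling); negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// List every installed copy of `name`: where it lives, whether the root project
// declares it directly, which package nests it, and whether it is below `fixedIn`.
function findCopies(lock, name, fixedIn) {
  const root = lock.packages[""] || {};
  const declared = { ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies };
  const suffix = "node_modules/" + name;
  const results = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const topLevel = path === suffix;
    // Parent package path: strip the trailing "/node_modules/<name>".
    const parent = topLevel ? "(root)" : path.slice(0, -(suffix.length + 1));
    results.push({
      path,
      version: entry.version,
      direct: topLevel && Object.prototype.hasOwnProperty.call(declared, name),
      parent,
      belowFix: compareVersions(entry.version, fixedIn) < 0,
    });
  }
  return results;
}

// Threshold taken from the advisory range quoted in the thread ("< 6.0.6").
const report = findCopies(SAMPLE_LOCK, "cross-spawn", "6.0.6");
for (const r of report) {
  console.log(`${r.path}  ${r.version}  direct=${r.direct}  parent=${r.parent}  belowFix=${r.belowFix}`);
}
```

A copy reported with `direct=false` and `belowFix=true` can only be fixed by the package named in `parent` (or by an `overrides` entry in the consuming project), which is why bumping the direct dependency does not clear the audit finding.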

Labels

bug ESLint is working incorrectly chore This change is not user-facing

Projects

Status: Complete


4 participants