Chore: bump cache-manager from 3.6.0 to 3.6.1 #175
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
바뀐점
cache-manager의 version이 3.6.0에서 3.6.1로 upgrade되었습니다
바꾼이유
async의 보안성 이슈를 해결하기 위함
설명
ejs에서 종속중인 jake에서 사용중인 0.9.2 버전에도 같은 이슈가 존재합니다
jake 레포에서도 관련 이슈가 언급되었고
jakejs/jake#408
관련 사항이 반영되었으나 아직 릴리즈되지는 않았습니다
jakejs/jake#411
새로운 jake버전이 릴리즈 되는대로 ejs버전도 upgrade 하도록 하겠습니다
*추가
ejs 레포에서도 관련 이슈가 언급되었고 영어가 약해 정확하진 않지만 아예 jake를 종속성에서 빼버리는 방향으로 진행하는거로 보이기도 하는군요...?
mde/ejs#659