Fix critical vulnerability CWE-78 #19

Merged: 3 commits, May 18, 2018

JamesCodes
Contributor

I have simply fixed the linting errors in the PR raised by @Narvey

#18

@RyanZim
Collaborator

RyanZim commented May 18, 2018

I repeat:

> why do we need a UUID function; wouldn't just a plain old Math.random().toString() work?

@JamesCodes
Contributor Author

@RyanZim Repeat noted. If that provides the same solution and doesn't cause any issues, I'm with you. I was under the impression that the unique lib was being used to reduce the chance of two random strings ending up being the same.

But you may very well be right, Math.random().toString() may achieve that just fine.

@RyanZim
Collaborator

RyanZim commented May 18, 2018

We're talking about giving each plugin an id; most plugin chains aren't crazy long, I don't think the uniqueness will be an issue.

@JamesCodes
Contributor Author

@RyanZim Yeah, that makes sense.

@RyanZim
Collaborator

RyanZim commented May 18, 2018

Also, should have mentioned this the first time; please remove package-lock.json from git.

@JamesCodes
Contributor Author

@RyanZim I've made those changes.

@RyanZim RyanZim merged commit ea8453f into postcss:master May 18, 2018
@RyanZim
Collaborator

RyanZim commented May 18, 2018

Thanks!

@RyanZim
Collaborator

RyanZim commented May 18, 2018

Feel free to add yourself here if you'd like: https://github.com/postcss/postcss-filter-plugins#contributors

@JamesCodes
Contributor Author

Will do 👍

RyanZim pushed a commit that referenced this pull request May 22, 2018
Removed vulnerable dependency (uniquid)