Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade serve dependency to version 7 #6546

Closed
3 tasks
jlengstorf opened this issue Jul 18, 2018 · 2 comments
Closed
3 tasks

Upgrade serve dependency to version 7 #6546

jlengstorf opened this issue Jul 18, 2018 · 2 comments
Labels
help wanted Issue with a clear description that the community can help with. type: bug An issue or pull request relating to a bug in Gatsby

Comments

@jlengstorf
Copy link
Contributor

Description

There's a security vulnerability in serve that GitHub just started flagging. The fix is to upgrade serve to serve@^7.0.0. Currently we're still on version 6.

gatsby/packages/gatsby/package.json

Line 117 in d8aaa2f

"serve": "^6.5.3",

Steps to Solve

  • Run yarn install serve@latest in the gatsby package
  • Ensure gatsby serve continues to work as expected
  • Spread the word that everyone should upgrade to remove the vulnerability

We should apply this upgrade to both v1 and v2, assuming there are no breaking changes for v1.
@jlengstorf jlengstorf added type: bug An issue or pull request relating to a bug in Gatsby help wanted Issue with a clear description that the community can help with. labels Jul 18, 2018
@m-allanson
Copy link
Contributor

The latest version is 9.2.0, so it's probably worth updating all the way up to that.

This was referenced Jul 19, 2018
Merged
Closed
Merged
@trvsysadmin trvsysadmin mentioned this issue Jul 20, 2018
Merged
@m-allanson
Copy link
Contributor

This was handled in the above mentioned PRs, thanks folks!

This was referenced Apr 7, 2022
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Issue with a clear description that the community can help with. type: bug An issue or pull request relating to a bug in Gatsby
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jlengstorf @m-allanson