You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 17, 2024. It is now read-only.
It appears that the project is using @elastic/datemath v2.5.0. This version of datemath contains a lodash version that has a security vulnerability. Seems that datemath is on v4.0.2 at this point. Not sure the procedures of this repo, but should I go ahead and create a PR with this updated version? Is there a process of testing backwards compatibility? Thanks!
The text was updated successfully, but these errors were encountered:
Thanks for the heads up Daniel.
I am going to be working to get all packages updated in the next week or two. This will involve expanding the test coverage to make future package updates go smoother.
@danverd It looks like there are some unit tests covering the date utils.
If you'd like to try bumping the version of @elastic/datemath and see if the unit tests run that would be very helpful.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
It appears that the project is using @elastic/datemath v2.5.0. This version of datemath contains a lodash version that has a security vulnerability. Seems that datemath is on v4.0.2 at this point. Not sure the procedures of this repo, but should I go ahead and create a PR with this updated version? Is there a process of testing backwards compatibility? Thanks!
The text was updated successfully, but these errors were encountered: