[Snyk] Upgrade underscore from 1.11.0 to 1.13.1 #2941
Snyk has created this PR to upgrade underscore from 1.11.0 to 1.13.1.
See this package in npm: https://www.npmjs.com/package/underscore
See this project in Snyk: https://app.snyk.io/org/luke9389/project/8e767e27-47b3-4730-99bf-20145f1d4e73?utm_source=github&utm_medium=upgrade-pr
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
MariaHCD
left a comment
Following this SO: https://stackoverflow.com/c/expensify/questions/3465
I don't see any breaking changes from version 1.11.0 - 1.13.1 as per the change log. Looks like it has been mostly enhancements, bug fixes, optimizations and documentation fixes. There was a security issue in _.template but I don't believe we use this function in our repo.
Will test out the changes locally to ensure nothing breaks.
|
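Added example, not part of this PR or the repository's code: the review above rests on `_.template` not being called anywhere in the repo, and that can be checked with a line-based search over the source. The helper names `underscoreAliases` and `findTemplateUse` are hypothetical, and the file names and contents are constructed samples.

```javascript
// Added example: line-based search for uses of underscore's template function.
// Heuristic only: computed property names and multi-line destructuring are missed.
const MODULE = String.raw`['"]underscore['"]`;
const IDENT = String.raw`[A-Za-z_$][\w$]*`;

// Identifiers bound to the whole underscore module in one file (`_` by convention).
function underscoreAliases(src) {
  const aliases = new Set(['_']);
  const bind = new RegExp(
    String.raw`(?:const|let|var)\s+(${IDENT})\s*=\s*require\(\s*${MODULE}\s*\)` +
    String.raw`|import\s+(?:\*\s+as\s+)?(${IDENT})\s+from\s+${MODULE}`, 'g');
  for (const m of src.matchAll(bind)) aliases.add(m[1] || m[2]);
  return aliases;
}

// Returns [{file, line, text}] for every line that reaches template().
function findTemplateUse(files) {
  const hits = [];
  for (const [file, src] of Object.entries(files)) {
    const names = [...underscoreAliases(src)].map(a => a.replace(/\$/g, '\\$&')).join('|');
    const patterns = [
      // _.template(...) or _['template'](...) through any alias of the module
      new RegExp(String.raw`(?:^|[^\w$.])(?:${names})\s*(?:\.\s*template\b|\[\s*['"]template['"]\s*\])`),
      // require('underscore').template
      new RegExp(String.raw`require\(\s*${MODULE}\s*\)\s*\.\s*template\b`),
      // const {template} = require('underscore') / import {template} from 'underscore'
      new RegExp(String.raw`\{[^}]*\btemplate\b[^}]*\}\s*(?:=\s*require\(\s*${MODULE}\s*\)|from\s+${MODULE})`),
      // deep import such as 'underscore/modules/template.js'
      /['"]underscore\/[\w./-]*\btemplate(?:\.js)?['"]/,
    ];
    src.split('\n').forEach((text, i) => {
      if (patterns.some(p => p.test(text))) hits.push({ file, line: i + 1, text: text.trim() });
    });
  }
  return hits;
}

// Constructed sample sources (not taken from the repository under review).
const SAMPLE_FILES = {
  'src/a.js': "import _ from 'underscore';\nconst ids = _.map(items, i => i.id);\n",
  'src/b.js': "const us = require('underscore');\nconst render = us.template('<b><%= name %></b>');\n",
  'src/c.js': "import {debounce, template as tpl} from 'underscore';\n",
  'src/d.js': "const view = { template: '<div></div>' };\nthis.template();\n",
};

console.log(findTemplateUse(SAMPLE_FILES));
```

An empty result narrows the question but does not settle it: a dependency can call `_.template` on the application's behalf, so the lockfile's transitive users of underscore are worth a look as well.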
👋 Hey, I'm making a PR that should hopefully allow snyk-bot to pass the CLA check after it gets rerun. Once my PR is merged I'll try rerunning this to see if it passes. |
|
Thanks, @Luke9389! Is there anything else I should be looking out for in this version upgrade other than what I've mentioned above? |
|
Nope, I think you're ok. Usually breaking changes constitute a new major release number, so I'm not expecting to see breaking behavior here |
|
@Luke9389 Just re-ran the jobs but looks like the CLA checks are still failing 🤔 |
|
Oh yea! I tried to get back around to all of these but must have missed this one. It seems to check out the version of master that was most recent when this PR was created. So for now, you would have to merge with failing tests (a comment will pop up that you can 👎). Also as a reminder, we should be super careful about testing these before merging. I see that you mentioned that you would above, which is great. I'm just spreading the word that these should only be merged on an as-needed basis. |
|
I can't think of any specific reason why this dependency should be updated. |
Snyk has created this PR to upgrade underscore from 1.11.0 to 1.13.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: underscore
- 1.13.1 - 2021-04-15: Restores the underscore.js UMD alias to git
- 1.13.0 - 2021-04-09: Node.js native ESM support in main release stream, docs updates
- 1.13.0-3 - 2021-03-31: Preview release that adds the "module" exports condition
- 1.13.0-2 - 2021-03-15: Preview of 1.13.0 with security fix from 1.12.1
- 1.13.0-1 - 2021-03-11: Bugfix for the new Node.js 12+ native ESM entry point
- 1.13.0-0 - 2021-03-10: Node.js native ESM support (prerelease), _.debounce optimization
- 1.12.1 - 2021-03-15: Security fix in _.template and restored optimization in _.debounce.
- 1.12.0 - 2020-11-24: _.get, _.toPath, bugfixes, compatibility, performance and testing.
- 1.11.0 - 2020-08-28: Prepare 1.11.0
from underscore GitHub release notes
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.