https://pantsbuild.org/ logo
#general
Title
# general
b

busy-vase-39202

10/25/2021, 10:44 PM
f

fast-nail-55400

10/25/2021, 10:46 PM
that package is mentioned in our yarn.lock:
Copy code
tdyas@paradox:~/TC/toolchain$ git grep  ua-parser-js
src/node/yarn.lock:    ua-parser-js "^0.7.18"
src/node/yarn.lock:ua-parser-js@^0.7.18:
src/node/yarn.lock:  resolved "<https://registry.yarnpkg.com/ua-parser-js/-/ua-parser-js-0.7.28.tgz#8ba04e653f35ce210239c64661685bf9121dec31>"
the compromised version is 0.7.29 so we seem to have avoided the malware
(luckily)
@busy-vase-39202: thanks for finding this!
p

polite-garden-50641

10/25/2021, 11:07 PM
2 Views