Skip to content

Commit e462f19

Browse files
mabdullahabaidmartmull
mabdullahabaid
and
martmull
authored
fix: tmp allows arbitrary temporary file / directory write via symbolic link dir parameter (#15452)
Resolves [Dependabot Alert 255](https://github.com/twentyhq/twenty/security/dependabot/255) - fix: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter. Updated the dev-dependency `zapier-platform-cli` for it to depend on tmp 0.2.4 and also ran `yarn up tmp --recursive` to update the version of tmp elsewhere. Not expecting any breaking changes to twenty-zapier since `zapier-platform-cli` is marked as a development dependency. Co-authored-by: martmull <martmull@hotmail.fr>
1 parent 7c854ba commit e462f19

File tree

2 files changed

+7988
-10781
lines changed

2 files changed

+7988
-10781
lines changed

packages/twenty-zapier/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
"devDependencies": {
2323
"jest": "29.7.0",
2424
"rimraf": "^3.0.2",
25-
"zapier-platform-cli": "^15.4.1"
25+
"zapier-platform-cli": "^17.9.1"
2626
},
2727
"installConfig": {
2828
"hoistingLimits": "dependencies"

0 commit comments

Comments
 (0)