Closed
Bug 1438300
Opened 7 years ago
Closed 7 years ago
Check we're not using conventional-changelog
Categories
(Taskcluster :: Operations and Service Requests, task)
Taskcluster
Operations and Service Requests
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: bstack)
Details
This is a malicious package at version 1.2.0
https://github.com/conventional-changelog/conventional-changelog/issues/282#issuecomment-365367804
|
Assignee | |
Comment 1•7 years ago
|
||
Just ran over every repo in our gh org and checked their yarn.lock The results are as follows:
No yarn.lock has any mention of this package and the following repos do not have a yarn.lock at all
taskcluster/dockerode-promise
taskcluster/logconsumer
taskcluster/testrepo
taskcluster/provisioner-hub
taskcluster/github-graph-example
taskcluster/taskcluster-base
taskcluster/taskcluster-pulse-deprecated
taskcluster/slugid
taskcluster/gecko-images
taskcluster/task-graph-scheduler
taskcluster/client-DEPRECATED
taskcluster/aws-sdk-promise
taskcluster/worker-stats
taskcluster/taskcluster-utils
taskcluster/dockerode-process
taskcluster/apidesign
taskcluster/packer-boxes
taskcluster/docker-services
taskcluster/dind
taskcluster/taskcluster-jobqueue
taskcluster/azure-blobstream
taskcluster/logstream
taskcluster/logserver
taskcluster/taskcluster-proxy
taskcluster/livelog
taskcluster/taskcluster-registry
taskcluster/taskcluster-status-deprecated
taskcluster/docker-worker-ci
taskcluster/stateless-dns-server
taskcluster/taskcluster-scheduler-DEPRECATED
taskcluster/mozilla-hg-pushlog
taskcluster/taskcluster-worker-bind9
taskcluster/testdroid-proxy
taskcluster/pulse-go
taskcluster/buildbot-step
taskcluster/multi-region-promised-aws
taskcluster/tc-vcs-repo-test
taskcluster/docker-bootstrap
taskcluster/taskcluster-client-go
taskcluster/taskcluster-https-proxy
taskcluster/mozilla-taskcluster
taskcluster/npm-cache
taskcluster/taskcluster-try-DEPRECATED
taskcluster/taskcluster-vcs
taskcluster/index-browser
taskcluster/taskcluster-manifest
taskcluster/taskcluster-cli
taskcluster/example-worker
taskcluster/taskcluster-client.py
taskcluster/jsonschema2go
taskcluster/taskcluster-vpn-proxy
taskcluster/generic-worker
taskcluster/taskcluster-stats
taskcluster/taskcluster-worker
taskcluster/taskcluster-loop
taskcluster/slugid-go
taskcluster/dind-service
taskcluster/slugid.py
taskcluster/taskcluster-skeleton
taskcluster/taskcluster-base-go
taskcluster/taskcluster-client-java
taskcluster/gaia-taskcluster
taskcluster/rust-hawk
taskcluster/relengapi-proxy
taskcluster/httpbackoff
taskcluster/heroku-grafana
taskcluster/taskcluster-stats-collector
taskcluster/s3-copy-proxy
taskcluster/aws-lambda
taskcluster/docker-registry-v2-proxy
taskcluster/docker-experiments
taskcluster/nginx-s3-proxy
taskcluster/taskcluster-lib-stats
taskcluster/taskcluster-babel
taskcluster/taskcluster-admin
taskcluster/node-statsum
taskcluster/babel-preset-taskcluster
taskcluster/go-got
taskcluster/statsum
taskcluster/tagged-metrics
taskcluster/memcached
taskcluster/taskcluster-bot
taskcluster/react-gdb
taskcluster/taskcluster-monitor
taskcluster/task-factory
taskcluster/stateless-dns-go
taskcluster/schema-validator-publisher
taskcluster/taskcluster-lib-legacyentities
taskcluster/docker-image-builder
taskcluster/taskcluster-lib-rules
taskcluster/eslint-plugin-taskcluster
taskcluster/gdb-js
taskcluster/taskcluster-host-secrets
taskcluster/knownfolder
taskcluster/runlib
taskcluster/shell
taskcluster/ntr
taskcluster/taskcluster-watchdog
taskcluster/taskcluster-migration-DEPRECATED
taskcluster/do-provisioner
taskcluster/file-browser-go
taskcluster/go-schematypes
taskcluster/artifact-downloader
taskcluster/taskcluster-artifact-downloader
taskcluster/planet-taskcluster
taskcluster/gdb-examples
taskcluster/migration-dashboard
taskcluster/taskcluster-mercurial
taskcluster/taskcluster-github-testing
taskcluster/passwordstore-garbage
taskcluster/linux-aws-trusty
taskcluster/taskcluster-artifact-redirector
taskcluster/taskcluster-lb
taskcluster/heroku-buildpack-nginx
taskcluster/node-promisepipe
taskcluster/taskcluster-infrastructure
taskcluster/taskcluster-oidc-demo
taskcluster/taskcluster-lib-artifact-go
taskcluster/taskcluster-lib-scopes-rs
taskcluster/taskcluster-lib-pulse
taskcluster/webhooktunnel
taskcluster/taskcluster-rfcs
taskcluster/taskcluster-retrospectives
I think we're fine. Some packages included in our projects have this package as a development only dependency but that does not get installed to our projects and even those were not version 1.2.0
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Component: Operations → Operations and Service Requests
You need to log in
before you can comment on or make changes to this bug.
Description
•