Backport 2.2.2 security release to master

012fa55a · Tomas Vik · 3cd20cd2 · 012fa55a · 012fa55a · 012fa55a
隐藏空白更改
内联并排

Showing with 12 addition and 1 deletion

CHANGELOG.md CHANGELOG.md +10 -0

package.json package.json +1 -1

src/git_service.js src/git_service.js +1 -0

未找到文件。
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,16 @@

 - Click on merge request "for current branch" doesn't do anything

+## v2.2.2 - 2020-06-19
+
+- Fix dependency issues caused by publishing the extension using `yarn`
+
+## v2.2.1 - 2020-06-19
+
+### Security
+
+- [CVE-2020-13279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13279) Prevent possible client side code execution, https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/170
+
 ## v2.2.0 - 2019-11-06

 - [Experimental Feature](https://gitlab.com/fatihacet/gitlab-vscode-extension#experimental-features): View Merge Request details and comments in VSCode. Click a Merge Request link from the sidebar and VSCode will open a new tab to show the Merge Request details. You can also directly comment on the Merge Request.

--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "gitlab-workflow",
  "displayName": "GitLab Workflow",
  "description": "GitLab VSCode integration",
-  "version": "2.2.0",
+  "version": "2.2.2",
  "publisher": "fatihacet",
  "license": "MIT",
  "repository": {

--- a/src/git_service.js
+++ b/src/git_service.js
@@ -15,6 +15,7 @@ async function fetch(cmd, workspaceFolder) {
  try {
    output = await execa.stdout(git, args, {
      cwd: currentWorkspaceFolder,
+      preferLocal: false,
    });
  } catch (ex) {
    // Fail siletly