Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🏗🐛Manually update build-system/tasks/visual-diff/yarn.lock to address security vulnerabilities #23789

Merged
merged 1 commit into from
Aug 7, 2019
Merged

Conversation

rsimha
Copy link
Contributor

@rsimha rsimha commented Aug 7, 2019

The visual tests use v0.4.0 of @percy/puppeteer, which has dependencies with known security vulnerabilities.

"devDependencies": {
"@percy/puppeteer": "0.4.0",
"puppeteer": "1.19.0"
}

Screen Shot 2019-08-07 at 1 27 30 PM

Screen Shot 2019-08-07 at 1 28 11 PM

v1.0.0 of @percy/puppeteer fixes these vulnerabilities, but we can't upgrade because of breaking API changes. See #23462.

Until then, this PR manually upgrades the offending dependencies to safe versions. (Future task: Upgrade to v1.0.0 of @percy/puppeteer.)

@rsimha rsimha requested a review from danielrozenberg August 7, 2019 20:29
@rsimha rsimha self-assigned this Aug 7, 2019
@rsimha rsimha requested a review from mrjoro August 7, 2019 20:29
Copy link
Member

@mrjoro mrjoro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@rsimha rsimha merged commit b6de5ba into ampproject:master Aug 7, 2019
@rsimha rsimha deleted the 2019-08-07-PercyPuppeteer branch August 7, 2019 20:58
@rsimha
Copy link
Contributor Author

rsimha commented Aug 7, 2019

That worked.

Screen Shot 2019-08-07 at 1 59 25 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants