chore(deps-dev): bump @commitlint/config-conventional to 11.0.0 #1673

Merged
merged 9 commits into from
Nov 11, 2020

@alexforsyth alexforsyth commented Nov 10, 2020

Issue #, if available:
#1670

Description of changes:
Continuation of changes #1672

I must bump to node v10.22.1 in order to bump @commitlint/config-conventional in order to clear:

{
  "type": "auditAdvisory",
  "data": {
    "advisory": {
      "findings": [
        {
          "version": "3.0.0",
          "paths": [
            "@commitlint/config-conventional>conventional-changelog-conventionalcommits>compare-func>dot-prop"
          ]
        }
      ],

      "title": "Prototype Pollution",
      "module_name": "dot-prop",
      "cves": [
        "CVE-2020-8116"
      ],
      "vulnerable_versions": "<4.2.1 || >=5.0.0 <5.1.1",
      "patched_versions": ">=4.2.1 <5.0.0 || >=5.1.1",
      "overview": "Versions of `dot-prop` before 4.2.1 or 5.1.1 are vulnerable to prototype pollution. The function `set` does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n",
      "recommendation": "Upgrade to version 4.2.1, 5.1.1 or later.",
      "references": "- [GitHub advisory](https://github.com/advisories/GHSA-ff7x-qrg7-qggm)\n- [CVE](https://nvd.nist.gov/vuln/detail/CVE-2020-8116)",
      "severity": "high",
      "url": "https://npmjs.com/advisories/1213"
    }
  }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
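A triage check for the audit record above, added here as an example (it is not part of the pull request or the SDK's code): it confirms that the resolved `dot-prop` version falls inside the advisory's vulnerable range and names the direct dependency that has to be bumped. The `record` object is constructed from fields of the quoted record; `compareVersions`, `inRange` and `triage` are hypothetical helper names, and the range evaluator covers only the comparator syntax this record uses.

```javascript
// Constructed from the fields of the audit record quoted in this PR.
const record = {
  type: "auditAdvisory",
  data: { advisory: {
    module_name: "dot-prop",
    vulnerable_versions: "<4.2.1 || >=5.0.0 <5.1.1",
    patched_versions: ">=4.2.1 <5.0.0 || >=5.1.1",
    findings: [{
      version: "3.0.0",
      paths: ["@commitlint/config-conventional>conventional-changelog-conventionalcommits>compare-func>dot-prop"],
    }],
  } },
};

// Compare two plain x.y.z versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Range subset used by the record: "||" separates alternatives, spaces join
// comparators (<, <=, >, >=, =) that must all hold. No pre-release tags.
function inRange(version, range) {
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).every((cmp) => {
      const [, op, target] = cmp.match(/^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/);
      const c = compareVersions(version, target);
      return { "<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0, "=": c === 0 }[op || "="];
    })
  );
}

// One row per dependency path: which direct dependency to bump, and whether
// the resolved version really is inside the vulnerable range.
function triage(rec) {
  const adv = rec.data.advisory;
  return adv.findings.flatMap((f) =>
    f.paths.map((p) => ({
      bump: p.split(">")[0],
      module: adv.module_name,
      version: f.version,
      vulnerable: inRange(f.version, adv.vulnerable_versions),
    }))
  );
}

console.log(triage(record));
```

Running the same check against the lockfile after the bump shows whether the transitive `dot-prop` now resolves into `patched_versions`.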

@alexforsyth alexforsyth changed the title Alexforsyth/bump node 10.22 fix(config-conventional): bump node 10.22 to bump @commitlint/config-conventional Nov 10, 2020
@alexforsyth alexforsyth changed the title fix(config-conventional): bump node 10.22 to bump @commitlint/config-conventional fix(config-conventional): bump node 10.22.1 to bump @commitlint/config-conventional Nov 10, 2020
@alexforsyth

Blocked on: aws/aws-codebuild-docker-images#399

@alexforsyth

AWS Docker team is in the middle of a release. It will likely be weeks before PR: aws/aws-codebuild-docker-images#400 is reflected on the AWS cloud. In the meantime, @subinataws gave great advice about using "n 10" to pull the latest version of node 10. Issue addressed: aws/aws-codebuild-docker-images#361 (comment)

Made updates in commit: 07f9551

@trivikr trivikr changed the title fix(config-conventional): bump node 10.22.1 to bump @commitlint/config-conventional chore(deps-dev): bump @commitlint/config-conventional to 11.0.0 Nov 10, 2020
Co-authored-by: Trivikram Kamat <[email protected]>
@codecov-io

Codecov Report

Merging #1673 (36a4e3a) into master (de75f7e) will decrease coverage by 0.06%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master    #1673      +/-   ##
==========================================
- Coverage   79.77%   79.71%   -0.07%     
==========================================
  Files         325      328       +3     
  Lines       12087    12573     +486     
  Branches     2553     2670     +117     
==========================================
+ Hits         9643    10022     +379     
- Misses       2444     2551     +107     
Impacted Files Coverage Δ
...tocol_tests/aws-restxml/commands/XmlMapsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlBlobsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlEnumsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlListsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...col_tests/aws-restjson/commands/JsonMapsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonBlobsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonEnumsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonListsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...tests/aws-restxml/commands/XmlAttributesCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...tests/aws-restxml/commands/XmlNamespacesCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
... and 100 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@alexforsyth

Merging as codebuild has passed. Travis CI is failing intermittently. Unrelated

@alexforsyth alexforsyth merged commit a3fab9f into aws:master Nov 11, 2020
@alexforsyth alexforsyth deleted the alexforsyth/bump-node-10.22 branch November 11, 2020 16:36

github-actions bot commented Jan 9, 2021

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 9, 2021