NPM audit found vulnerability in @oclif/plugin-warn-if-update-available
#583
Comments
paulRbr
added a commit
to paulRbr/cli
that referenced
this issue
Nov 4, 2024
We remove this oclif plugin for now as it's not compatible with the old version of oclif we are using. This should be temporary until we have finished to upgrade oclif (bump-sh#448) about bump-sh#583
jloleysens
added a commit
to elastic/kibana
that referenced
this issue
Nov 14, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]>
jloleysens
added a commit
to jloleysens/kibana
that referenced
this issue
Nov 14, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 8278b06) # Conflicts: # oas_docs/makefile # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml
jloleysens
added a commit
to jloleysens/kibana
that referenced
this issue
Nov 14, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 8278b06) # Conflicts: # oas_docs/makefile # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml
lcawl
pushed a commit
to jloleysens/kibana
that referenced
this issue
Nov 15, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 8278b06) # Conflicts: # oas_docs/makefile # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Nov 18, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Nov 18, 2024
## Summary Publish OAS docs to bump.sh on merge to `main` or `8.x` ## To reviewers * For now actual publication requires a manual step on bump.sh (so things aren't going live immediately) * Will get to serverless OAS docs next! ## Blockers * Address vulnerable deps before merging: bump-sh/cli#583 --------- Co-authored-by: kibanamachine <[email protected]>
jloleysens
added a commit
to elastic/kibana
that referenced
this issue
Nov 27, 2024
# Backport This will backport the following commits from `main` to `8.16`: - [[OAS] Publish OAS bundles to bump.sh (#197482)](#197482) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jean-Louis Leysens","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-14T08:15:47Z","message":"[OAS] Publish OAS bundles to bump.sh (#197482)\n\n## Summary\r\n\r\nPublish OAS docs to bump.sh on merge to `main` or `8.x`\r\n\r\n## To reviewers\r\n* For now actual publication requires a manual step on bump.sh (so\r\nthings aren't going live immediately)\r\n* Will get to serverless OAS docs next!\r\n\r\n## Blockers\r\n\r\n* Address vulnerable deps before merging:\r\nhttps://github.com/bump-sh/cli/issues/583\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"8278b0650ad4bb35e1a702889afad1f96eae2cd6","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Feature:OAS","v8.16.0","backport:version","v8.17.0"],"number":197482,"url":"https://github.com/elastic/kibana/pull/197482","mergeCommit":{"message":"[OAS] Publish OAS bundles to bump.sh (#197482)\n\n## Summary\r\n\r\nPublish OAS docs to bump.sh on merge to `main` or `8.x`\r\n\r\n## To reviewers\r\n* For now actual publication requires a manual step on bump.sh (so\r\nthings aren't going live immediately)\r\n* Will get to serverless OAS docs next!\r\n\r\n## Blockers\r\n\r\n* Address vulnerable deps before merging:\r\nhttps://github.com/bump-sh/cli/issues/583\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"8278b0650ad4bb35e1a702889afad1f96eae2cd6"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197482","number":197482,"mergeCommit":{"message":"[OAS] Publish OAS bundles to bump.sh (#197482)\n\n## Summary\r\n\r\nPublish OAS docs to bump.sh on merge to `main` or `8.x`\r\n\r\n## To reviewers\r\n* For now actual publication requires a manual step on bump.sh (so\r\nthings aren't going live immediately)\r\n* Will get to serverless OAS docs next!\r\n\r\n## Blockers\r\n\r\n* Address vulnerable deps before merging:\r\nhttps://github.com/bump-sh/cli/issues/583\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"8278b0650ad4bb35e1a702889afad1f96eae2cd6"}},{"branch":"8.16","label":"v8.16.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","labelRegex":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Lisa Cawley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello ππ» , we would like to use bump CLI in Kibana (PR) but
npm auditraised the following high severity vulnerability:Would it be possible to upgrade to a version of
@oclif/plugin-warn-if-update-availablethat does not have a vulnerable dependency? This is kind of a blocker for our PR to Kibana.The text was updated successfully, but these errors were encountered: