ui: JavaScript updates to address vulnerabilities #41291

Merged
merged 4 commits into from
Oct 4, 2019

@nathanstilwell nathanstilwell commented Oct 3, 2019

Resolving vulnerabilities identified by Snyk and npm. Specifically these,

Release justification: Resolving JavaScript vulnerabilities.

Release note: Upgrading JavaScript dependencies

Nathan Stilwell added 4 commits October 3, 2019 11:27

- Updating the lodash resolution
- Upgrading `karma-webpack` because previous version depended on an old
  version of lodash that couldn't be satisfied by `4.17.15`

release justification: fixing JavaScript vulnerabilities

Release note (admin ui change): upgrade lodash resolution,
upgrade karma-webpack

- resolving Snyk vulnerability warnings with ua-parser-js

Release justification: fixing JavaScript vulnerability

Release note (admin ui change): adding ua-parser-js resolution

Updating `url-loader` to resolve moderate vulnerability flagged in the
npm repo. See more information at https://www.npmjs.com/advisories/535

Release justification: resolve JavaScript vulnerabilities

Release note (admin ui change): upgrade url-loader (used by webpack)

I forgot about this part

Release justification: Committing vendor dependencies for vulnerability
update

Release note: None

@nathanstilwell nathanstilwell added the first-pr Use to mark the first PR sent by a contributor / team member. Reviewers should be mindful of this. label Oct 3, 2019
@nathanstilwell nathanstilwell requested review from vilterp, bdarnell and a team October 3, 2019 17:46

CLAassistant commented Oct 3, 2019

CLA assistant check
All committers have signed the CLA.

@andy-kimball andy-kimball mentioned this pull request Oct 3, 2019
53 tasks
vilterp commented Oct 3, 2019

@bdarnell @andy-kimball should we just bors r+ this?

@bdarnell bdarnell left a comment

> should we just bors r+ this?

Yes, but I think the CLA check needs to be passing first.

@nathanstilwell

bors r+

craig bot commented Oct 4, 2019

Build failed (retrying...)

craig bot commented Oct 4, 2019

Build failed

@nathanstilwell

bors retry

craig bot commented Oct 4, 2019

Canceled (will resume)

@nathanstilwell

bors retry

craig bot pushed a commit that referenced this pull request Oct 4, 2019
41291: ui: JavaScript updates to address vulnerabilities r=nathanstilwell a=nathanstilwell

Resolving vulnerabilities identified by Snyk and npm. Specifically these,

- https://app.snyk.io/vuln/SNYK-JS-LODASH-450202
- https://app.snyk.io/vuln/npm:ua-parser-js:20171012
- https://app.snyk.io/vuln/npm:ua-parser-js:20180227
- https://www.npmjs.com/advisories/535

Release justification: Resolving JavaScript vulnerabilities.

Release note: Upgrading JavaScript dependencies

Co-authored-by: Nathan Stilwell <[email protected]>

craig bot commented Oct 4, 2019

Build succeeded

@craig craig bot merged commit b5d7b8e into cockroachdb:master Oct 4, 2019
@nathanstilwell nathanstilwell deleted the synk-js-vulnerabilities branch October 11, 2019 15:17