fix(cmd-api-server): upgrade socket.io - CVE-2022-21676 #1915

Merged
merged 1 commit into from
Mar 15, 2022


petermetz
Contributor

Upgrade the version of socket.io to 4.4.1 which contains the
patches for the CVE mentioned in the title.

Fixes #1914

Signed-off-by: Peter Somogyvari [email protected]

@petermetz petermetz requested review from izuru0, jagpreetsinghsasan and takeutak and removed request for jonathan-m-hamilton March 14, 2022 06:02
@petermetz petermetz added API_Server dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities labels Mar 14, 2022
@petermetz petermetz force-pushed the petermetz/issue1914 branch from 8dab954 to 97d25ba Compare March 14, 2022 07:50
@petermetz
Contributor Author

@takeutak @izuru0 FYI: I need to upgrade the package in a lot more places including some of your packages and on account of this I'm re-requesting the review.

@petermetz petermetz requested a review from takeutak March 14, 2022 07:51
@takeutak
Contributor

@petermetz Thanks for your notice! I think it is no problem and please merge it. If there is some trouble, I will ask you after releasing version 1.

@petermetz petermetz force-pushed the petermetz/issue1914 branch 3 times, most recently from 232a813 to 56b7b46 Compare March 14, 2022 18:02
Upgrade the version of socket.io to 4.4.1 which contains the
patches for the CVE mentioned in the title.

Fixes hyperledger-cacti#1914

Signed-off-by: Peter Somogyvari <[email protected]>
@petermetz petermetz force-pushed the petermetz/issue1914 branch from 56b7b46 to 863179a Compare March 14, 2022 20:53
@petermetz petermetz removed the request for review from izuru0 March 14, 2022 22:03
@petermetz petermetz merged commit 8e1c69e into hyperledger-cacti:main Mar 15, 2022
@petermetz petermetz deleted the petermetz/issue1914 branch March 15, 2022 00:05