Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/1.3.8] Bump client version and update deps to address CVEs #20288

Closed
wants to merge 9 commits into from
Closed

[release/1.3.8] Bump client version and update deps to address CVEs #20288

wants to merge 9 commits into from

Conversation

zhenmichael
Copy link
Contributor

@zhenmichael zhenmichael commented Mar 22, 2024
edited
Loading

Follow up PR to consume server 0.1036.5002 patch release: #19959
Update dependencies in server npm packages to address CVE-2023-45857 and CVE-2024-21484.

@robertobe-ms @zhenmichael
build: Upgrade pipelines to Node18 + upgrade nvm recommendation (micr…
7d4dfce 
…osoft#17389)

Update the recommended versions of Node.js for developers to use, as
well as the version used by CI, from version 14 to 18.

This change made some scenarios in some e2e tests hang, so a fix for
skipping them had to be included.
Details:
0.58.x doesn't have the fix to routerlicious-driver in this PR:
microsoft#8913
(also see related issue for more context on the problem:
microsoft#9163)
This causes this test to hang while loading container2, as the snapshot
is over 16KB.
@msfluid-bot
Copy link
Collaborator

msfluid-bot commented Mar 22, 2024
edited
Loading

Could not find a usable baseline build with search starting at CI a16b65d

Generated by 🚫 dangerJS against 2a73c4d

@zhenmichael zhenmichael changed the title release: 1.3.7 -> 1.3.8 [release/1.3.8] Bump client version and update deps to address CVEs Mar 25, 2024
@zhenmichael zhenmichael mentioned this pull request Mar 25, 2024
Closed
@zhenmichael zhenmichael marked this pull request as ready for review March 25, 2024 15:07
@zhenmichael zhenmichael requested review from msfluid-bot and a team as code owners March 25, 2024 15:07
@zhenmichael zhenmichael requested a review from alexvy86 March 25, 2024 15:08
@zhenmichael zhenmichael requested a review from tylerbutler March 25, 2024 17:07
@zhenmichael zhenmichael requested review from a team as code owners March 26, 2024 13:11
@zhenmichael zhenmichael force-pushed the release/1.3.8-bump branch 2 times, most recently from bf1fb8d to dd07330 Compare March 26, 2024 16:36
@zhenmichael zhenmichael closed this Apr 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msfluid-bot msfluid-bot Awaiting requested review from msfluid-bot

@alexvy86 alexvy86 Awaiting requested review from alexvy86

@tylerbutler tylerbutler Awaiting requested review from tylerbutler

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zhenmichael @msfluid-bot @alexvy86 @robertobe-ms