-
Notifications
You must be signed in to change notification settings - Fork 918
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2022-25758] Use dart-sass instead of node-sass #2054
[CVE-2022-25758] Use dart-sass instead of node-sass #2054
Conversation
Signed-off-by: Tao liu <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #2054 +/- ##
=======================================
Coverage 67.50% 67.51%
=======================================
Files 3077 3077
Lines 59184 59188 +4
Branches 9003 9003
=======================================
+ Hits 39955 39958 +3
- Misses 17044 17045 +1
Partials 2185 2185
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
looks like a snapshot failure, could update them? |
Signed-off-by: Tao liu <[email protected]>
According the error in the #535, it sounds like that happened on during the build compile, I didn't see the build compile error and UI error. |
Thanks. I updated the test, it should fixes the tests. |
Awesome! Do you know if there is any performance updates with the rendering? Also, will OUI be impacted by this @AMoo-Miki ? Finally, I haven't checked by do we use the sass |
Signed-off-by: Tao liu <[email protected]>
Signed-off-by: Tao liu <[email protected]>
@AMoo-Miki , Is this changes looking good from your side? if you have time, please take a look this changes, thanks |
Hello @Flyingliuhub, are we able to eyeball any performance impact? |
I didn't see the page load (dashboard/discover/Visualizations) different in my local. It take about 12 minutes for build locally with following command
|
Biggest worry was OUI, but Miki is good with that. Downstream might be impacted so it will be a breaking change for 3.0. The only other thing is if there is any performance degradation. But we don't have any client side perf tests so looks good to me. However, will hold off from merging until at least tomorrow just in case in becomes a blocker for OUI. |
Any update team ~ |
@kavilla , Is there any update from retro? if everything looks good from retro meeting, could you please click "Merge"? Thanks |
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Bump node.js to 18 and fix errors Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]> Fix async unit test timeout issue Signed-off-by: Anan Zhuang <[email protected]> [Nodejs 18] fix lmdb and plugins discovery unit tests Signed-off-by: Anan Zhuang <[email protected]> Fix windows path Signed-off-by: Anan Zhuang <[email protected]> Increase memory limit for unit test and fix memory leak Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]> add unhandle-rejections Signed-off-by: Anan Zhuang <[email protected]> add worker add mock lmdb to integration test Signed-off-by: Anan Zhuang <[email protected]> modify test start opensearch Signed-off-by: Anan Zhuang <[email protected]> only one integration test Signed-off-by: Anan Zhuang <[email protected]> update test Signed-off-by: Anan Zhuang <[email protected]> increase time Signed-off-by: Anan Zhuang <[email protected]>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <[email protected]>
Signed-off-by: Tao liu [email protected]
Description
This PR fixes the Regular expression denial of service in scss-tokenizer, use dart-sass instead of node-sass.
The node-sass are deprecated, the detail here.
The suggested solution (#535) is that use dart-sass instead of node-sass
The scan detail as following and link here
Issues Resolved
#1842 , #535
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr