
Address code vulnerabilities #1688

Merged
merged 5 commits into from
Mar 15, 2023

Conversation

SorsOps
Member

@SorsOps SorsOps commented Mar 15, 2023

Optimize pipelines
Fix npm audit problems
Reshuffle devDeps in prod deps
Update some modules according to snyk

SorsOps and others added 2 commits March 15, 2023 20:09
Optimize pipelines
Fix npm audit problems
Reshuffle devDeps in prod deps
Update some modules according to snyk
@SorsOps SorsOps requested a review from six7 March 15, 2023 18:11
@SorsOps
Member Author

SorsOps commented Mar 15, 2023

Note that the two remaining high-priority vulnerabilities are minimatch and set-value.

There is a major version 4 of set-value that could fix the vulnerability detected; however, this is a major change. Naive installation of the new major version causes regressions.

@SorsOps
Member Author

SorsOps commented Mar 15, 2023

Note this will cause a failure in the CI:

```yaml
- name: Run test coverage report
  id: testCoverage
  uses: anuraag016/Jest-Coverage-Diff@master
  with:
    fullCoverageDiff: false
    runCommand: 'LAUNCHDARKLY_FLAGS=tokenThemes,gitBranchSelector,multiFileSync,tokenFlowButton npx jest --collectCoverageFrom=''["src/**/*.{js,jsx,ts,tsx}"]'' --coverage --collectCoverage=true --coverageDirectory=''./'' --coverageReporters=''json-summary'' --forceExit --detectOpenHandles'
    total_delta: 1
    delta: 1
    afterSwitchCommand: npm ci
    useSameComment: true
```

It attempts to pull the current main and then run npm ci. Until this is merged in, main will use yarn. We don't want this to stay yarn, as it will cause failures for other PRs once this is in.

Collaborator

@six7 six7 left a comment


🙏

@SorsOps SorsOps marked this pull request as draft March 15, 2023 18:36
@SorsOps SorsOps marked this pull request as ready for review March 15, 2023 21:36
@SorsOps SorsOps merged commit f9e32a2 into main Mar 15, 2023
six7 added a commit that referenced this pull request Mar 19, 2023
six7 added a commit that referenced this pull request Mar 19, 2023