chore(gatsby-source-wordpress): upgrade file-type #38861

@pieh pieh commented Feb 20, 2024

Description

https://github.com/sindresorhus/file-type/releases/tag/v16.0.0: no real breaking changes for us, and it fixes an npm audit alert:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ file-type vulnerable to Infinite Loop via malformed MKV file │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ file-type                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=16.5.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gatsby-source-wordpress                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gatsby-source-wordpress > file-type                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1089123                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

We also already use that version in gatsby-core-utils.

@TylerBarnes could we move from the ad-hoc implementation to using createRemoteFileNode from the common utility package we have? (https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-source-filesystem/src/create-remote-file-node.js) - that would probably be a potential follow-up.

@pieh pieh added the topic: source-wordpress Related to Gatsby's integration with WordPress label Feb 20, 2024
@gatsbot gatsbot bot added the status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer label Feb 20, 2024
@pieh pieh added type: maintenance An issue or pull request describing a change that isn't a bug, feature or documentation change and removed status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer labels Feb 20, 2024
@pieh pieh merged commit 7661bb9 into master Feb 21, 2024
34 of 35 checks passed
@pieh pieh deleted the michalpiechowiak/fra-336-handle-file-type-dependency-vulnurability-in-gatsby-source branch February 21, 2024 16:06
pieh added a commit that referenced this pull request Feb 21, 2024
(cherry picked from commit 7661bb9)

Co-authored-by: Michal Piechowiak <misiek.piechowiak@gmail.com>
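
A way to confirm that an upgrade like this one leaves no vulnerable copy installed, as an added example (not code from this pull request or the Gatsby project): it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and lists every resolved `file-type` below the advisory's patched version, 16.5.4. The lockfile contents, project name and function names are constructed for illustration.

```javascript
// Added example: constructed data, not taken from the Gatsby repository.
const PATCHED = "16.5.4"; // "Patched in >=16.5.4" from the npm audit output above

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` >= `minimum`, compared numerically field by field.
function isAtLeast(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every installed copy of `name` that is older than `minimum`,
// including copies nested under another package's node_modules.
function findVulnerableCopies(lock, name, minimum) {
  const suffix = `node_modules/${name}`;
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isCopy = path === suffix || path.endsWith(`/${suffix}`);
    if (isCopy && entry.version && !isAtLeast(entry.version, minimum)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed lockfile: a patched top-level copy plus an old nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site" },
    "node_modules/file-type": { version: "16.5.4" },
    "node_modules/gatsby-source-wordpress": { version: "0.0.0-example" },
    "node_modules/gatsby-source-wordpress/node_modules/file-type": { version: "15.0.1" },
    "node_modules/@scope/not-file-type": { version: "1.0.0" },
  },
};

console.log(findVulnerableCopies(sampleLock, "file-type", PATCHED));
```

The check is on resolved versions, not on the range in `package.json`: a 16.x release below 16.5.4 still counts as vulnerable.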