[security] minimist >= 1.2.2 #2267
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: sirugh <rugh@adobe.com>
Signed-off-by: sirugh <rugh@adobe.com>
sirugh
commented
Mar 18, 2020
| @@ -6,5 +6,8 @@ | |||
| "license": "ISC", | |||
| "dependencies": { | |||
| "devcert": "~1.1.0" | |||
| }, | |||
| "resolutions": { | |||
| "minimist": "^1.2.2" | |||
There was a problem hiding this comment.
Using resolutions effectively "steps over" any transitive dependency requirements on older versions. This may cause issues, especially in this case where the resolution has a major bump.
The only other alternative to fixing this would be to update down the chain of transitive deps, but each of those packages also needs to get fixed/published. So this is the fastest way to resolve the security issues but it may cause a bug/break in the app.
jcalcaben
approved these changes
Mar 18, 2020
|
dpatil-magento
approved these changes
Mar 18, 2020
|
Below tests pass. |
dpatil-magento
pushed a commit
that referenced
this pull request
Mar 18, 2020
* Requires at least minimist 1.2.2 due to security vuln Signed-off-by: sirugh <rugh@adobe.com> * Switches to yarn and requires minimist 1.2.2 for security vuln Signed-off-by: sirugh <rugh@adobe.com>
dpatil-magento
added a commit
that referenced
this pull request
Apr 28, 2020
* Removed cart and checkout routes from 6.0 branch. (#2255) * - Mock version in test so snaps dont fail during releases (#2266) - Fixup regex to handle line breaks * [security] minimist >= 1.2.2 (#2267) * Requires at least minimist 1.2.2 due to security vuln Signed-off-by: sirugh <rugh@adobe.com> * Switches to yarn and requires minimist 1.2.2 for security vuln Signed-off-by: sirugh <rugh@adobe.com> * v6.0.0-alpha.1 * v6.0.0-beta.1 * Jimothy/6.0 release notes (#2279) * Add unsorted PR list * Add items to separate lists * Finish organizing PRs in sections * Finish highlights * Remove entries that were part of previous releases * Update PageBuilder to Page Builder Co-authored-by: Devagouda <40405790+dpatil-magento@users.noreply.github.com> * fix(pagebuilder): Html content type unescapes content when GraphQL does not (#2283) Co-authored-by: Devagouda <40405790+dpatil-magento@users.noreply.github.com> * [PWA-479] Extension Files Missing From Packages (#2305) * Add extensible files and directories to published packages * Revert version bumps Co-authored-by: Devagouda <40405790+dpatil-magento@users.noreply.github.com> * v6.0.0-beta.2 * [bug]: Fix (remove) OOTB tests from scaffold (#2321) * Ignores buildpack and test directories during create-pwa Signed-off-by: sirugh <rugh@adobe.com> * Fix glob pattern to match sub directories AND contents Signed-off-by: sirugh <rugh@adobe.com> * Fixes tests and makes ignore pattern easier to construct Signed-off-by: sirugh <rugh@adobe.com> * [Doc] 6.0 release notes updates (#2323) * Add new PRs to changelog and update compatibility table * Fix wrong entry placement * v6.0.0-beta.3 * v6.0.0-rc.1 * v6.0.0 * Enable cart and checkout routes Co-authored-by: Revanth Kumar Annavarapu <35203638+revanth0212@users.noreply.github.com> Co-authored-by: Tommy Wiebell <twiebell@adobe.com> Co-authored-by: Stephen <sirugh@users.noreply.github.com> Co-authored-by: devops-pwa-codebuild <magento-devops-github-pwa-int@adobe.com> Co-authored-by: James Calcaben <jcalcaben@users.noreply.github.com> Co-authored-by: James Zetlen <jzetlen@adobe.com>
1 task
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
pwa-devdocstoyarnfromnpm.resolutionsto resolve security vulnerability inpwa-devdocsanddockerpackages.Related Issue
Closes PWA-449.
Acceptance
Verification Stakeholders
Specification
Verification Steps
Screenshots / Screen Captures (if appropriate)
Checklist