Resolve npm vulnerabilities (part 1 of 3) #8724
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nly running `test:scripts` Helps fix #8722
ryanml
approved these changes
Mar 17, 2020
bsclifton
changed the title
32 tasks
|
This PR ended up causing a problem |
DuanShaolong
added a commit
to DuanShaolong/browser
that referenced
this pull request
Mar 21, 2020
* Upgrade from Chromium 80.0.3987.78 to Chromium 80.0.3987.85. * 1.5.80 * 1.5.81 * 1.5.82 * Update Nightly channel to: 1.6.0 * 1.6.1 * Upgrade from Chromium 80.0.3987.85 to Chromium 80.0.3987.87. * 1.6.2 * 1.6.3 * 1.6.4 * 1.6.5 * 1.6.6 * Fix 8034: Add Crowd Deny requests to audit whitelist * 1.6.7 * don't treat warnings as errors for non release builds fix brave#7875 * 1.6.8 * 1.6.9 * added feature to run network audit on demand * Release notes for 1.3.x Fix brave#8123 * 1.6.10 * 1.6.11 * Fixes app icon on mono builds * Fix 8127: Update GetChange to remove the author arg git_cl.py was recently updated to change the function arguments for cl.GetChange. https://chromium.googlesource.com/chromium/tools/depot_tools/+/7f6dec01696fa5319c505ca8f57579a5b02c4184%5E%21/git_cl.py Updating the lint script to match the args. * Revert "Merge pull request brave#8101 from brave/mplesa-ci-pipeline-network-audit-label" Fix error: "No such property: RUN_NETWORK_AUDIT for class: WorkflowScript" This reverts commit b61595d, reversing changes made to a695042. * 1.6.12 * added feature to run network audit on demand * 1.6.13 * 1.6.14 * 1.6.15 * 1.6.16 * fixes an app icons in debug mode * Release notes for 1.3.x Hotfix 1 Fix brave#8169 * 1.6.17 * Remove hyphens in the adblock list directories This change to match the Chromium style does not affect anything else than the contents of the Brave Adblock component in the brave://rewards page. This is a follow-up to 4a702ec (brave#7176). * improve testInstallMac step * 1.6.18 * Upgrade from Chromium 80.0.3987.87 to Chromium 80.0.3987.100. * 1.6.19 * 1.6.20 * Use proxy for the Mozilla Location Service (fixes brave#8167) This covers CI / PR Builder builds. * 1.6.21 * 1.6.22 * 1.6.23 * Update to use GitHub Oauth2 token vs. deprecated querystring Fixes: https://github.com/brave/devops/issues/2507 * Use credential binding plugin to wrap use of GitHub token * 1.6.24 * 1.6.25 * 1.6.26 * 1.6.27 * 1.6.28 * Remove unused function to avoid 'method code too large' error * Upgrade from Chromium 80.0.3987.100 to Chromium 80.0.3987.106. * 1.6.29 * 1.6.30 * 1.6.31 * 1.6.32 * 1.6.33 * 1.6.34 * 1.6.35 * removed version mismatch check * 1.6.36 * 1.6.37 * Auto-generate NTP backgrounds LICENSE file (fixes brave#7460) * 1.6.38 * 1.6.39 * 1.6.40 * Upgrade from Chromium 80.0.3987.106 to Chromium 80.0.3987.116. * 1.6.41 * 1.6.42 * 1.6.43 * 1.6.44 * 1.6.45 * Release notes for 1.3.x Hotfix 2 Fix brave#8317 * Update Nightly channel to: 1.7.0 * Fixes spacing issue * 1.7.1 * 1.7.2 * 1.7.3 * 1.7.4 * 1.7.5 * 1.7.6 * 1.7.7 * 1.7.8 * 1.7.9 * 1.7.10 * 1.7.11 * Upgrade from Chromium 80.0.3987.116 to Chromium 80.0.3987.122. * 1.7.12 * 1.7.13 * 1.7.14 * 1.7.15 * 1.7.16 * Release notes for 1.4.x Fix brave#8395 * 1.7.17 * 1.7.18 * 1.7.19 * 1.7.20 * Fixes init for Ubuntu Resolves brave#8414 * 1.7.21 * Visual changes for search accelerator button * 1.7.22 * Fixes start for release Resolves brave#8432 * 1.7.23 * 1.7.24 * fixed null error in ci pipeline * 1.7.25 * 1.7.26 * 1.7.27 * 1.7.28 * 1.7.29 * 1.7.30 * 1.7.31 * 1.7.32 * 1.7.33 * 1.7.34 * 1.7.35 * 1.7.36 * Upgrade from Chromium 80.0.3987.122 to Chromium 80.0.3987.132. * 1.7.37 * 1.7.38 * 1.7.39 * 1.7.40 * 1.7.41 * Release notes for 1.4.x Hotfix 1 Fix brave#8529 * 1.7.42 * 1.7.43 * 1.7.44 * added sonarcloud analysis * 1.7.45 * 1.7.46 * 1.7.47 * 1.7.48 * 1.7.49 * 1.7.50 * 1.7.51 * Updates acorn to v7.1.1 * Helps resolve brave#8588 * Fix 8599: Update GetChange * Update Android label for issue template * removed audit deps * 1.7.52 * Comment out licensing so we can get a Nightly build Addresses (but does not fix) brave#8615 * 1.7.53 * 1.7.54 * Move LICENSE file generation to create_dist This will ensure that the licensing script runs for all CI builds even if we change the build config for them. * Update Nightly channel to: 1.8.0 * 1.8.1 * Remove references to dev channel * 1.8.2 * 1.8.3 * 1.8.4 * 1.8.5 * Use safe_browsing_mode=2 for Android * 1.8.6 * 1.8.7 * Fix failing tests for macOS RE: speedreader Fixes brave#8670 * 1.8.8 * 1.8.9 * Fix 8683: Use GetAffectedFiles instead of GetChange * 1.8.10 * 1.8.11 * 1.8.12 * 1.8.13 * 1.8.14 * 1.8.15 * 1.8.16 * 1.8.17 * 1.8.18 * Release notes for 1.5.x Fix brave#8718 * 1.8.19 * Fix vulnerabilities via `npm audit fix` * Move `jest` over to optional dependency. Not required for building, only running `test:scripts` Helps fix brave#8722 * Upgrade from Chromium 80.0.3987.132 to Chromium 80.0.3987.149. * 1.8.20 * Revert "Merge pull request brave#8724 from brave/bsc-fix-npm" This reverts commit a2f8600, reversing changes made to 3ed8aff. * 1.8.21 * 1.8.22 * 1.8.23 * 1.8.24 * Update `test_launcher_jobs` to be 4. Should make test execution faster and more reliable. For more info see https://bravesoftware.slack.com/archives/CA5FPHWLF/p1584498924254400 * release notes for 1.5.x hotfix 1 Fix brave#8752 * 1.8.25 * added symbols upload to all platforms * 1.8.26 * 1.8.27 * Upgrade from Chromium 80.0.3987.149 to Chromium 81.0.4044.69. * Added an abitlity to patch third_party/devtools-frontend/src. This is needed due to the following build errors: TypeScript compilation failed. Used tsconfig src\out\Release\gen/third_party/devtools-frontend/src/front_end/common/color-tsconfig.json ../../../node_modules/@types/babel__generator/index.d.ts(9,20): error TS2307: Cannot find module '@babel/types'. ../../../node_modules/@types/babel__traverse/index.d.ts(10,20): error TS2307: Cannot find module '@babel/types'. ../../../node_modules/@types/babel__traverse/index.d.ts(30,5): error TS2411: Property 'scope' of type 'Scope | undefined' is not assignable to string index type '(VisitNodeFunction<S, any> & VisitNodeFunction<S, any>) | (VisitNodeFunction<S, any> & VisitNodeObject<S, any>) | (VisitNodeObject<...> & VisitNodeFunction<...>) | (VisitNodeObject<...> & VisitNodeObject<...>) | undefined'. ../../../node_modules/@types/babel__traverse/index.d.ts(31,5): error TS2411: Property 'noScope' of type 'boolean | undefined' is not assignable to string index type '(VisitNodeFunction<S, any> & VisitNodeFunction<S, any>) | (VisitNodeFunction<S, any> & VisitNodeObject<S, any>) | (VisitNodeObject<...> & VisitNodeFunction<...>) | (VisitNodeObject<...> & VisitNodeObject<...>) | undefined'. ../../../node_modules/@types/babel__template/index.d.ts(9,31): error TS2307: Cannot find module '@babel/parser'. ../../../node_modules/@types/babel__template/index.d.ts(10,54): error TS2307: Cannot find module '@babel/types'. ../../../node_modules/@types/babel__core/index.d.ts(13,20): error TS2307: Cannot find module '@babel/types'. ../../../node_modules/@types/babel__core/index.d.ts(14,31): error TS2307: Cannot find module '@babel/parser'. There is a corresponding commit in brave-core that patched src/third_party/devtools-frontend/src/tsconfig.json with `"moduleResolution": "node"` entry. * [Android] Fixes for dublicate resources error on build * [Android] Fix for linker error for release builds * 1.8.28 * 1.8.29 * 1.8.30 * 1.8.31 Co-authored-by: Simon Hong <shong@brave.com> Co-authored-by: mkarolin <max@brave.com> Co-authored-by: brave-builds <devops@brave.com> Co-authored-by: Mihai PLESA <mplesa@brave.com> Co-authored-by: mkarolin <41635752+mkarolin@users.noreply.github.com> Co-authored-by: Pranjal Jumde <pranjal.jumde@gmail.com> Co-authored-by: Pranjal Jumde <pranjal@brave.com> Co-authored-by: bridiver <github@brianjohnson.cc> Co-authored-by: lauren <laurenwagner1019@gmail.com> Co-authored-by: Mihai PLESA <mihai.plesa@gmail.com> Co-authored-by: SergeyZhukovsky <serg.zhukovsky@gmail.com> Co-authored-by: Serg <serg@brave.com> Co-authored-by: Matt Bacchi <mbacchi@gmail.com> Co-authored-by: Matt Bacchi <mbacchi@users.noreply.github.com> Co-authored-by: Kamil Jozwiak <kamil@jozwiak.io> Co-authored-by: Kamil Jozwiak <kamiljoz@gmail.com> Co-authored-by: Francois Marier <francois@brave.com> Co-authored-by: Linh Nguyen <linh.nguyen@sli-systems.com> Co-authored-by: Linh <xuongrongl84@gmail.com> Co-authored-by: Brian Clifton <brian@clifton.me> Co-authored-by: NejcZdovc <nejc.zdovc@3zsistemi.si> Co-authored-by: samartnik <artem@brave.com> Co-authored-by: samartnik <30602739+samartnik@users.noreply.github.com> Co-authored-by: Nejc Zdovc <NejcZdovc@users.noreply.github.com> Co-authored-by: ryanml <rlanese@asu.edu> Co-authored-by: Sriram <srirambv@users.noreply.github.com> Co-authored-by: Brian R. Bondy <netzen@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Helps fix #8722
Submitter Checklist:
git rebase master(if needed).git rebase -ito squash commits (if needed).added to
scripts/audit.js.Test Plan:
Reviewer Checklist:
After-merge Checklist:
changes has landed on.