
thuang-fix-deps #1020

Closed
wants to merge 3 commits into from

Contributor

@tihuan tihuan commented Mar 25, 2021

Reviewers

Functional:
@Bento007

Readability:
@maniarathi


Changes

This PR addresses two High Severity deps through forcing resolution to use the patched versions:
https://github.com/chanzuckerberg/corpora-data-portal/security/dependabot/frontend/package-lock.json/ssri/open

https://github.com/chanzuckerberg/corpora-data-portal/security/dependabot/frontend/package-lock.json/is-svg/open <-- turned out this one is not easy to fix. And since it's rooted from using Gatsby, we can see if the problem just goes away when we migrate to Next.js!

PTAL thank you!

Definition of Done (from ticket)

QA steps (optional)

@tihuan tihuan requested review from Bento007 and maniarathi March 25, 2021 22:53
@tihuan tihuan force-pushed the thuang-fix-deps branch 2 times, most recently from e6bca0b to f4aae17 Compare March 25, 2021 23:20
@codecov

codecov bot commented Mar 26, 2021

Codecov Report

Merging #1020 (8c01a99) into main (d5b18a7) will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##             main    #1020   +/-   ##
=======================================
  Coverage   94.28%   94.28%           
=======================================
  Files          73       73           
  Lines        4476     4476           
=======================================
  Hits         4220     4220           
  Misses        256      256           
Flag Coverage Δ
backend 94.28% <ø> (ø)
python 94.28% <ø> (ø)
unitTest 94.28% <ø> (ø)


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@tihuan tihuan removed the bot/merge label Mar 26, 2021
@tihuan
Contributor Author

tihuan commented Mar 26, 2021

Actually I will wait to merge this after Next.js PR is in to avoid merge conflicts. Thank you!

@tihuan
Contributor Author

tihuan commented Mar 29, 2021

Ah good news! Using Next.js automatically resolves all the vulnerability issues 🎉

So we can close this PR now 💪

Thank you!

CC: @maniarathi

@tihuan tihuan closed this Mar 29, 2021
@tihuan tihuan deleted the thuang-fix-deps branch March 29, 2021 23:55