This repository has been archived by the owner on Feb 6, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(security): Upgrades Docusaurus to address CVE-2020-7662 (#2457)
Summary:
**Summary**

Upgrades Docusaurus and its dependencies to address [CVE-2020-7662](https://nvd.nist.gov/vuln/detail/CVE-2020-7662) affecting the [websocket-extensions](https://npm.im/websocket-extensions) dependency of the website package.

Note I upgraded to `docusaurus/core@^2.0.0-alpha.48` because upgrading with `yarn upgrade` alone revealed the issue described by facebook/docusaurus#2385 and fixed in `v2.0.0-alpha.48`.

**Test Plan**

```
# procidac at <redacted>.thefacebook.com in ~/dev/gh/claudiopro/draft-js/website on git:fix-cve-2020-7662 ● [21:21:54]
→ yarn why websocket-extensions
Using globally installed version of Yarn
yarn why v1.12.1
warning package.json: No license field
[1/4] 🤔 Why do we have the module "websocket-extensions"...?
[2/4] 🚚 Initialising dependency graph...
warning No license field
[3/4] 🔍 Finding dependency...
[4/4] 🚡 Calculating file sizes...
=> Found "websocket-extensions@0.1.4"
info Reasons this module exists
   - "websocket-driver" depends on it
   - Hoisted from "websocket-driver#websocket-extensions"
   - Hoisted from "docusaurus#core#webpack-dev-server#sockjs#websocket-driver#websocket-extensions"
info Disk size without dependencies: "96KB"
info Disk size with unique dependencies: "96KB"
info Disk size with transitive dependencies: "96KB"
info Number of shared dependencies: 0
✨ Done in 0.66s.

# procidac at <redacted>.thefacebook.com in ~/dev/gh/claudiopro/draft-js/website on git:fix-cve-2020-7662 ● [21:23:59]
→ yarn start
```

Website launches and looks functional:

<img width="1392" alt="Screen Shot 2020-06-05 at 9 22 01 PM" src="https://user-images.githubusercontent.com/860099/83919726-21e5b000-a773-11ea-8a36-4e390757f319.png">

Pull Request resolved: #2457

Reviewed By: mrkev

Differential Revision: D21911260

Pulled By: claudiopro

fbshipit-source-id: 17392a0596b1f6ffc6db184980313d5dab1bea26