Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI: resolves braces < 3.0.3 dep vulnerability and ws < 8.17.1 #27657

Merged
merged 4 commits into from
Jul 3, 2024
Merged

UI: resolves braces < 3.0.3 dep vulnerability and ws < 8.17.1 #27657

merged 4 commits into from
Jul 3, 2024

Conversation

hellobontempo
Copy link
Contributor

@hellobontempo hellobontempo commented Jul 1, 2024
edited
Loading

Description

This PR makes a few dependency package updates to address the security vulnerability in braces v3.0.3 and upgrades ws to 8.17.1. I recommend reviewing by commit, general breakdown of each commit:

  1. Deleted the yarn.lock file and re-ran yarn resolved some of the issues
  2. Added braces to the resolution block resolved some more vulnerable versions

There was one test failure after upgrading, but the test ran the same before and after the package changes. Closing the modal in the test resolved the issue.

✅ enterprise tests

Backported to 1.15.12+ent, 1.16.6+ent, 1.17.2

@hellobontempo hellobontempo requested a review from a team as a code owner July 1, 2024 23:04
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jul 1, 2024
@hellobontempo hellobontempo mentioned this pull request Jul 1, 2024
Closed
@hellobontempo hellobontempo added this to the 1.18.0-rc milestone Jul 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 1, 2024

Build Results:
All builds succeeded! ✅

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 1, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

Monkeychip
Monkeychip approved these changes Jul 2, 2024
View reviewed changes
Copy link
Contributor

@Monkeychip Monkeychip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe run enterprise tests locally just in case (if you haven't already).

@hellobontempo hellobontempo added backport/ent/1.15.x+ent Changes are backported to 1.15.x+ent backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/1.17.x labels Jul 3, 2024
@hellobontempo hellobontempo enabled auto-merge (squash) July 3, 2024 16:44
@hellobontempo hellobontempo changed the title UI: resolves braces < 3.0.3 dep vulnerability UI: resolves braces < 3.0.3 dep vulnerability and ws < 8.17.1 Jul 3, 2024
@hellobontempo hellobontempo merged commit c5c25fe into main Jul 3, 2024
46 checks passed
@hellobontempo hellobontempo deleted the ui/VAULT-28021/braces-dep-vulnerability branch July 3, 2024 16:48
Closed
This was referenced Jul 3, 2024
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Monkeychip Monkeychip Monkeychip approved these changes

Assignees
No one assigned
Labels
backport/ent/1.15.x+ent Changes are backported to 1.15.x+ent backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/1.17.x hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog ui
Projects
None yet
Milestone
1.18.0-rc
Development

Successfully merging this pull request may close these issues.
2 participants
@hellobontempo @Monkeychip