Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bumps percy-agent to use non-beta version #2415

Merged
merged 1 commit into from
Sep 29, 2022

Conversation

kavilla
Copy link
Member

@kavilla kavilla commented Sep 24, 2022

Description

Beta version of percy-agent utilized a dependency that had a dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Signed-off-by: Kawika Avilla kavilla414@gmail.com

Issues Resolved

n/a

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

@kavilla
Copy link
Member Author

kavilla commented Sep 24, 2022

I think it should be safe to backport as this dependency was introduced in 2.0.

@codecov-commenter
Copy link

codecov-commenter commented Sep 24, 2022

Codecov Report

Merging #2415 (0143b06) into main (806e96c) will increase coverage by 0.00%.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2415   +/-   ##
=======================================
  Coverage   66.74%   66.74%           
=======================================
  Files        3194     3194           
  Lines       60803    60803           
  Branches     9238     9238           
=======================================
+ Hits        40583    40585    +2     
+ Misses      18011    18010    -1     
+ Partials     2209     2208    -1     
Impacted Files Coverage Δ
...ic/application/models/sense_editor/sense_editor.ts 64.88% <0.00%> (+0.88%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

ananzh
ananzh previously approved these changes Sep 26, 2022
@joshuarrrr
Copy link
Member

@kavilla This is failing the changelog check - it seems like a changelog update would make sense here.

Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
@ashwin-pc
Copy link
Member

Why is the Vega plugin being updated too? In yarn.lock?

@AMoo-Miki
Copy link
Collaborator

AMoo-Miki commented Sep 29, 2022

Why is the Vega plugin being updated too? In yarn.lock?

I think that is my fault!

leaflet-vega@npm:@amoo-miki/leaflet-vega@0.8.8" is the correct one but a previous PR of mine failed to update the lock file even though package.json was updated.

@joshuarrrr
Copy link
Member

That was fixed in this PR: #2432

@joshuarrrr joshuarrrr merged commit a528965 into opensearch-project:main Sep 29, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 29, 2022
Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
(cherry picked from commit a528965)
opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 29, 2022
Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
(cherry picked from commit a528965)
kavilla pushed a commit that referenced this pull request Sep 29, 2022
Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
(cherry picked from commit a528965)
kavilla pushed a commit that referenced this pull request Sep 29, 2022
Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
(cherry picked from commit a528965)
@AMoo-Miki AMoo-Miki added cve Security vulnerabilities detected by Dependabot or Mend v2.4.0 'Issues and PRs related to version v2.4.0' labels Nov 5, 2022
sipopo pushed a commit to sipopo/OpenSearch-Dashboards that referenced this pull request Dec 16, 2022
Beta version of percy-agent utilized a dependency that had a
dependency with a vulnerability.

Bumping to a non-beta version removes that problematic dependency.

Issue:
n/a

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>
Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x cve Security vulnerabilities detected by Dependabot or Mend v2.4.0 'Issues and PRs related to version v2.4.0'
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants