[CVE] Remove storybook package to fix CVE-2021-42740 and CVE-2021-24033 #2660

Merged
merged 1 commit into from
Oct 24, 2022

ZilongX
Collaborator

@ZilongX ZilongX commented Oct 24, 2022

Signed-off-by: Zilong Xia zilongx@amazon.com

Description

Issues Resolved

Resolves #1171
Resolves #1055

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX
Collaborator Author

ZilongX commented Oct 24, 2022

Added a change item under 🛠 Maintenance in CHANGELOG as well since the removal of storybook may be in bigger scope than just to get the CVEs fixed IMHO.

@ZilongX ZilongX added the labels cve (Security vulnerabilities detected by Dependabot or Mend), v1.3.7, and Mend: dependency security vulnerability (Security vulnerability detected by Mend) Oct 24, 2022
@ZilongX ZilongX requested a review from a team October 24, 2022 19:14
@kavilla
Member

kavilla commented Oct 24, 2022

Thanks for doing this @ZilongX.

For others, we determined this is NOT a breaking change because storybook did work since the fork.

@ananzh ananzh merged commit 1c50eee into opensearch-project:1.x Oct 24, 2022
@ZilongX ZilongX deleted the cve-storybook-cleanup branch October 25, 2022 00:05
@opensearch-trigger-bot
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-2660-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 1c50eeed0e1c19da96715b1236a54ac838667f02
# Push it to GitHub
git push --set-upstream origin backport/backport-2660-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-2660-to-1.3.

joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this pull request Nov 29, 2022
… (opensearch-project#2660)

Removes the broken and unfinished storybook package and related code.

Backport PR: opensearch-project#1172

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 1c50eee)
joshuarrrr added a commit that referenced this pull request Nov 30, 2022
… (#2660) (#2951)

Removes the broken and unfinished storybook package and related code.

Backport PR: #1172

Signed-off-by: Zilong Xia <zilongx@amazon.com>
(cherry picked from commit 1c50eee)

Co-authored-by: ZilongX <99905560+ZilongX@users.noreply.github.com>
Labels
backport 1.3, cve (Security vulnerabilities detected by Dependabot or Mend), Mend: dependency security vulnerability (Security vulnerability detected by Mend), v1.3.7