Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump webpack-dev-server from 3.8.2 to 3.11.0 #539

Merged
merged 1 commit into from
Jun 25, 2021

Conversation

tmarkley
Copy link
Contributor

@tmarkley tmarkley commented Jun 24, 2021

Description

This addresses known security vulnerabilities related to node-forge: GHSA-92xj-mqp7-vmcj

Before

$ yarn why node-forge
yarn why v1.22.10
[1/4] Why do we have the module "node-forge"...?
[2/4] Initialising dependency graph...
warning Resolution field "typescript@4.0.2" is incompatible with requested version "typescript@~3.7.2"
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "node-forge@0.10.0"
info Has been hoisted to "node-forge"
info Reasons this module exists
   - "workspace-aggregator-769bdfc4-0bbe-4d84-b300-6e610c789125" depends on it
   - Specified in "dependencies"
   - Hoisted from "_project_#node-forge"
   - Hoisted from "_project_#@elastic#request-crypto#node-jose#node-forge"
info Disk size without dependencies: "1.77MB"
info Disk size with unique dependencies: "1.77MB"
info Disk size with transitive dependencies: "1.77MB"
info Number of shared dependencies: 0
=> Found "selfsigned#node-forge@0.9.0"
info This module exists because "_project_#@osd#ui-framework#webpack-dev-server#selfsigned" depends on it.
Done in 1.38s.

After

$ yarn why node-forge
yarn why v1.22.10
[1/4] Why do we have the module "node-forge"...?
[2/4] Initialising dependency graph...
warning Resolution field "typescript@4.0.2" is incompatible with requested version "typescript@~3.7.2"
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "node-forge@0.10.0"
info Has been hoisted to "node-forge"
info Reasons this module exists
   - "workspace-aggregator-b6202680-c93b-4c19-a2e9-6c8e65513a09" depends on it
   - Specified in "dependencies"
   - Hoisted from "_project_#node-forge"
   - Hoisted from "_project_#@elastic#request-crypto#node-jose#node-forge"
   - Hoisted from "_project_#@osd#ui-framework#webpack-dev-server#selfsigned#node-forge"
info Disk size without dependencies: "1.77MB"
info Disk size with unique dependencies: "1.77MB"
info Disk size with transitive dependencies: "1.77MB"
info Number of shared dependencies: 0
Done in 1.36s.

Testing

Screen Shot 2021-06-24 at 10 18 19 AM

Issues Resolved

N/A

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

This addresses known security vulnerabilities related to node-forge.

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@tmarkley tmarkley added dependencies Pull requests that update a dependency file v1.0.0 labels Jun 24, 2021
@tmarkley tmarkley requested review from kavilla and ananzh June 24, 2021 15:19
@tmarkley tmarkley self-assigned this Jun 24, 2021
@opensearch-ci-bot
Copy link
Collaborator

✅   DCO Check Passed 78e6dd0

Copy link
Member

@ananzh ananzh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@kavilla kavilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested dev tools as well. LGTM!

@tmarkley tmarkley merged commit aca9d22 into opensearch-project:main Jun 25, 2021
@tmarkley tmarkley deleted the deps-node-forge branch June 25, 2021 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file v1.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants