
update st to fix known vulnerability #575

Merged: 3 commits into rstudio:master from update-st, Nov 1, 2018

Conversation

zkamvar
Contributor

@zkamvar zkamvar commented Aug 7, 2018

I was alerted to a known vulnerability in the st package:
https://nvd.nist.gov/vuln/detail/CVE-2017-16224

GitHub's suggestion was to update st to version 1.2.2

PR task list:

  • Update NEWS
  • Add tests (if appropriate)
  • Update documentation with devtools::document()

zkamvar added 2 commits August 7, 2018 11:24
I was alerted to a known vulnerability in the st package:
https://nvd.nist.gov/vuln/detail/CVE-2017-16224

GitHub's suggestion was to update st to version 1.2.2
@schloerke
Contributor

Good news is that the warning is a false positive as far as rstudio/leaflet is concerned. We are only taking the distributed files from leaflet-omnivore. We are not building anything nor using st directly.

leaflet-omnivore only uses st within their test suite.

But I also like notification bubbles to go away.

@schloerke
Contributor

Hi @zkamvar

Could you ...

  1. Ensure that you have signed the individual or corporate contributor agreement as appropriate. You can send the signed copy to jj@rstudio.com.

Excerpt from rstudio/httpuv package, which you had no reason to know existed.

Please let me know when you've sent the email. Thank you for your help!

Best,
Barret

@schloerke schloerke added priority: high Must be fixed before next release effort: low < 1 day of work difficulty: novice Anyone could help labels Aug 7, 2018
@zkamvar
Contributor Author

zkamvar commented Aug 7, 2018

Hi @schloerke,

I sent the email just before I made the pull request, hopefully it should be in the mailbox by now :)

@zkamvar
Contributor Author

zkamvar commented Oct 4, 2018

Bump

@schloerke schloerke requested a review from jcheng5 October 19, 2018 16:33
@schloerke schloerke requested review from schloerke and removed request for jcheng5 and schloerke October 26, 2018 18:42
@schloerke schloerke added the QA Waiting on QA label Oct 26, 2018
@schloerke schloerke removed the QA Waiting on QA label Oct 29, 2018
@schloerke schloerke merged commit fac6c48 into rstudio:master Nov 1, 2018
@zkamvar zkamvar deleted the update-st branch November 1, 2018 17:53