Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): ignore ws vulnerability #5553

Merged
merged 3 commits into from
Jun 18, 2024
Merged

build(deps): ignore ws vulnerability #5553

merged 3 commits into from
Jun 18, 2024

Conversation

MuckT
Copy link
Collaborator

@MuckT MuckT commented Jun 17, 2024
edited
Loading

Description

Ignores the latest vulnerability to ws: GHSA-3h5v-q93c-6h6q.

Test plan

  • Tested in CI

Related issues

N/A

Backwards compatibility

Yes

Network scalability

N/A

@codecov Codecov
Copy link

codecov bot commented Jun 17, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.46%. Comparing base (3133225) to head (5d1cda7).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##             main    #5553    +/-   ##
========================================
  Coverage   86.46%   86.46%            
========================================
  Files         762      762            
  Lines       31456    31456            
  Branches     5420     5129   -291     
========================================
  Hits        27198    27198            
- Misses       4027     4216   +189     
+ Partials      231       42   -189

see 78 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3133225...5d1cda7. Read the comment docs.

satish-ravi
satish-ravi reviewed Jun 17, 2024
View reviewed changes
yarn.lock Outdated Show resolved Hide resolved
yarn.lock Outdated Show resolved Hide resolved
package.json Outdated
Comment on lines 348 to 351
"ws@5.0.0": "^5.2.4",
"ws@6.0.0": "^6.2.3",
"ws@7.0.0": "^7.5.10",
"ws@8.0.0": "^8.17.1"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think if you'd need to use ws@5.x, ws@6.x, etc. This seems like it would resolve only exact 5.0.0, 6.0.0 versions

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That didn't work either. Based on @jh2oman response in Slack; I've opted to ignore the vulnerability.

@MuckT MuckT changed the title build(deps): add ws resolution build(deps): ignore ws vulnerability Jun 17, 2024
@MuckT MuckT added this pull request to the merge queue Jun 18, 2024
Merged via the queue into main with commit 8394ddd Jun 18, 2024
17 checks passed
@MuckT MuckT deleted the tomm/ws-resolution branch June 18, 2024 01:23
@MuckT MuckT mentioned this pull request Jun 18, 2024
Merged
MuckT added a commit that referenced this pull request Jun 18, 2024
@MuckT
chore: adjust yarn audit known issues (#5556)
4466c7b 
      ### Description

Follow up to #5553, but the order in known issues has changed.

### Test plan

- Tested with CI

### Related issues

N/A

### Backwards compatibility

Yes

### Network scalability

N/A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@satish-ravi satish-ravi satish-ravi left review comments

@jh2oman jh2oman jh2oman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MuckT @satish-ravi @jh2oman