Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bulk fix CVEs via dependency resolution overrides 2023-10-23 #2830

Merged
merged 1 commit into from
Nov 15, 2023
Merged

build(deps): bulk fix CVEs via dependency resolution overrides 2023-10-23 #2830

merged 1 commit into from
Nov 15, 2023

Conversation

petermetz
Copy link
Contributor

@petermetz petermetz commented Oct 24, 2023
edited
Loading

  1. Couldn't get rid of vulnerable versions in a couple of dependencies
    because the underlying dependencies have gone ESM only which is a blocker
    for us at the moment unfortunately.
  2. Swapped out the ubiquity TS client to a version of it that I self
    published onto npm after a full renovation of all of its dependencies.

Depends on #2807 (because that one also has a couple of dependency bumps
that are needed to eliminate the vulnerabilities)

Fixes #2828
Fixes #2544

Signed-off-by: Peter Somogyvari [email protected]

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@petermetz petermetz enabled auto-merge (rebase) October 24, 2023 21:11
@petermetz petermetz changed the title Petermetz/issue2828 build(deps): bulk fix CVEs via dependency resolution overrides 2023-10-23 Oct 24, 2023
@petermetz
Copy link
Contributor Author

cc: @RafaelAPB (please see point 2)

jagpreetsinghsasan
jagpreetsinghsasan approved these changes Oct 26, 2023
View reviewed changes
Copy link
Contributor

@jagpreetsinghsasan jagpreetsinghsasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jagpreetsinghsasan
jagpreetsinghsasan approved these changes Oct 26, 2023
View reviewed changes
Copy link
Contributor

@jagpreetsinghsasan jagpreetsinghsasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

izuru0
izuru0 approved these changes Oct 30, 2023
View reviewed changes
Copy link
Contributor

@izuru0 izuru0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@petermetz petermetz force-pushed the petermetz/issue2828 branch 2 times, most recently from b1bee26 to 63d61d2 Compare November 7, 2023 00:09
@petermetz
build(deps): bulk fix CVEs via dependency resolution overrides 2023-1…
d750adc 
…0-23

1. Couldn't get rid of vulnerable versions in a couple of dependencies
because the underlying dependencies have gone ESM only which is a blocker
for us at the moment unfortunately.
2. Swapped out the ubiquity TS client to a version of it that I self
published onto npm after a full renovation of all of its dependencies.

Depends on hyperledger-cacti#2807 (because that one also has a couple of dependency bumps
that are needed to eliminate the vulnerabilities)

Fixes hyperledger-cacti#2828

Signed-off-by: Peter Somogyvari <[email protected]>
@petermetz petermetz requested a review from outSH as a code owner November 15, 2023 23:47
@github-actions GitHub Actions
Copy link

This PR/issue depends on:

@petermetz petermetz merged commit 2510ff5 into hyperledger-cacti:main Nov 15, 2023
24 of 56 checks passed
@petermetz petermetz deleted the petermetz/issue2828 branch November 15, 2023 23:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@izuru0 izuru0 izuru0 approved these changes

@jagpreetsinghsasan jagpreetsinghsasan jagpreetsinghsasan approved these changes

@takeutak takeutak Awaiting requested review from takeutak takeutak is a code owner

@VRamakrishna VRamakrishna Awaiting requested review from VRamakrishna VRamakrishna is a code owner

@sandeepnRES sandeepnRES Awaiting requested review from sandeepnRES sandeepnRES is a code owner

@outSH outSH Awaiting requested review from outSH outSH is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@petermetz @jagpreetsinghsasan @izuru0