Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security updates #314

Merged
merged 13 commits into from Jun 8, 2020
Merged

Security updates #314

merged 13 commits into from Jun 8, 2020

Conversation

G-Rath
Copy link
Contributor

@G-Rath G-Rath commented Apr 9, 2020

This addresses the majority of security vulnerabilities; there are two outstanding for lighthouse, which are unlikely to be patched in the 5.x.x branch, but for now this is the best we can do so will have to circle back to make a decision on what to do about that later.

@G-Rath G-Rath force-pushed the security-updates branch 2 times, most recently from 6ed9d63 to 87361a8 Compare April 9, 2020 02:18
@G-Rath
Copy link
Contributor Author

G-Rath commented Apr 9, 2020
edited

I've removed the yarn integrity check as it's failing CI while being plain wrong.

I've regenerated the lock three different times in three different ways, and still cannot make yarn check happy, which isn't surprising since it's not maintained and so just buggy.

I've verified that the packages whose versions it claims are wrong are in fact the right versions, again pointing towards yarn check being wrong.

This was verified on both my local & with @trevh-ack (shout out thank-you for the pairing).

yarn check itself has been removed from v2.0 of yarn, and not recommended for use by the maintainer.

webpacker is going to remove this option at some point

@G-Rath G-Rath requested a review from eoinkelly April 9, 2020 02:50
@G-Rath G-Rath force-pushed the security-updates branch 2 times, most recently from ff28e91 to 16a5dee Compare May 18, 2020 22:03
@G-Rath G-Rath mentioned this pull request May 21, 2020
Merged
@joshmcarthur joshmcarthur merged commit 6d22b3b into master Jun 8, 2020
@joshmcarthur joshmcarthur deleted the security-updates branch June 8, 2020 04:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshmcarthur joshmcarthur joshmcarthur approved these changes

@l-suzuki l-suzuki Awaiting requested review from l-suzuki

@mischa-s mischa-s Awaiting requested review from mischa-s

@trevh-ack trevh-ack Awaiting requested review from trevh-ack

@eoinkelly eoinkelly Awaiting requested review from eoinkelly

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@G-Rath @joshmcarthur