Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loosen loofah version restriction #358

Merged
merged 1 commit into from
Jan 8, 2024
Merged

Loosen loofah version restriction #358

merged 1 commit into from
Jan 8, 2024

Conversation

JeanMarcGoepfert
Copy link
Contributor

@JeanMarcGoepfert JeanMarcGoepfert commented Jan 3, 2024
edited

馃拹

/cc @zendesk/vegemite

Description

Makes the loofah dependency requirement looser to unblock the ZBT team. I tested this with ZAT and confirmed unit tests all still pass.

See https://zendesk.slack.com/archives/C1230V1CG/p1704180155370169 for context.

Hello Team Vegemite 馃憢 In our framework (ZBT) we are using zendesk_apps_support, and we are unable to bump rack to address the vulnerability reported by Snyk because of unresolved dependencies. zendesk_apps_support requires loofah to be >= 2.3.1', '< 2.20.0, but in ZBT we must bump loofah to 2.22.0 in order to allow us to upgrade rack.
Would you be able to loosen the version restriction so that we can perform the gem upgrade for our framework? Than

References

Link to a JIRA or GitHub issue here if relevant

Before merging this PR

  • Fill out the Risks section
  • Think about performance and security issues

Risks

  • [RUNTIME] Unlikely. Worst case is probably build issues for consumers of this gem.
  • [low] Just a dependency version change

@JeanMarcGoepfert JeanMarcGoepfert added the WIP Work in Progress PR label Jan 3, 2024
@JeanMarcGoepfert JeanMarcGoepfert requested review from a team as code owners January 3, 2024 02:52
@JeanMarcGoepfert JeanMarcGoepfert changed the title [WIP] Loosen loofa version restriction Loosen loofa version restriction Jan 7, 2024
@JeanMarcGoepfert JeanMarcGoepfert removed the WIP Work in Progress PR label Jan 7, 2024
@JeanMarcGoepfert JeanMarcGoepfert changed the title Loosen loofa version restriction Loosen loofah version restriction Jan 7, 2024
@JeanMarcGoepfert JeanMarcGoepfert force-pushed the loosen-loofah-version-requirement branch from 1a9abc6 to 46f1422 Compare January 8, 2024 02:13
@JeanMarcGoepfert JeanMarcGoepfert merged commit 402a11a into master Jan 8, 2024
12 checks passed
@JeanMarcGoepfert JeanMarcGoepfert deleted the loosen-loofah-version-requirement branch January 8, 2024 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@veera veera veera approved these changes

@jalee-zendesk jalee-zendesk jalee-zendesk approved these changes

@Shengming-Yan Shengming-Yan Shengming-Yan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@JeanMarcGoepfert @veera @jalee-zendesk @Shengming-Yan