
I 12947 workaround #4

Merged
merged 9 commits into from
May 31, 2024
@cameroncaci cameroncaci commented May 31, 2024

I-12947

Note

This is an indirect revert of efforts contributed during PR #3.

#3 was indirectly reverted due to this repository not being compatible with pdfjs-dist versions ^4.2.67, where the fix to a critical vulnerability identified from the mymove repo is located. For now, the best course of action is to implement the workaround to avoid this vulnerability. The issue ticket will have the analysis attached and the proposed method forward; however, for now it is best to roll back this repository's releases to an old version, v1.2.1, and implement the workaround, increasing the version to v1.2.2. v1.2.2 will become the latest release. Every version currently after v1.2.2 is not functional, even though it builds.

Changes proposed in this pull request:

  • Rollback the pdfjs-dist library update
  • Implement vulnerability workaround
  • Cherry-pick the tool versions commits from I-12947 node canvas #3

To simulate how it will function against mymove, conduct the following:

  • Clone this repository and pull this branch
  • Run yarn link to create a symbolic dependency link
  • Cd into your local mymove repository, run yarn link @transcom/react-file-viewer, then reinstall via yarn install
  • Run your tests, as the "react-file-viewer" dependency will now be running this branch locally

How to test

Run yarn test inside this branch

@cameroncaci cameroncaci added the bug, enhancement, and dependencies labels May 31, 2024
@cameroncaci cameroncaci self-assigned this May 31, 2024

cameroncaci commented May 31, 2024

Added eslint bypass during merge; the linter didn't like the manual assignment of isEvalSupported = false

@cameroncaci

Reverted 85abde8 with some minor modifications

@deandreJones deandreJones left a comment

high hopes!

@cameroncaci cameroncaci merged commit 10017b3 into main May 31, 2024
3 checks passed