Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve vulnerabilities #1167

Merged
merged 16 commits into from
Feb 13, 2024
Merged

Resolve vulnerabilities #1167

merged 16 commits into from
Feb 13, 2024

Conversation

EmilyZhang777
Copy link
Contributor

@EmilyZhang777 EmilyZhang777 commented Feb 5, 2024
edited by nmanu1
Loading

This PR resolves the following vulnerabilities:

  • upgrade webpack to version 5.90.1 to resolve vulnerability to Improper Access Control in versions lower than 5.76.0
  • upgrade http-cache-semantics to version 4.1.1 to resolve vulnerability to Inefficient Regular Expression Complexity in versions lower than 4.1.1
  • upgrade get-func-name to version 2.0.2 to resolve vulnerability to Uncontrolled Resource Consumption / Inefficient Regular Expression Complexity in versions lower than 2.0.1
  • remove insecure document methods

J=VULN-37755 - VULN-37760, VULN-38372, VULN-38400, VULN-38433

@coveralls
Copy link

coveralls commented Feb 5, 2024
edited
Loading

Coverage Status

coverage: 9.35% (+0.03%) from 9.317%
when pulling f753621 on dev/vulnerabilities
into 15a7135 on master.

nmanu1
nmanu1 reviewed Feb 5, 2024
View reviewed changes
static/js/theme-map/Maps/Providers/Leaflet.js Outdated Show resolved Hide resolved
static/js/default-map-api-key.js Outdated Show resolved Hide resolved
static/js/default-map-api-key.js Outdated Show resolved Hide resolved
test-site/scripts/build.sh Outdated Show resolved Hide resolved
@likimmy likimmy requested a review from benmcginnis February 7, 2024 20:06
nmanu1
nmanu1 reviewed Feb 7, 2024
View reviewed changes
.github/workflows/run-tests.yml Outdated Show resolved Hide resolved
static/js/theme-map/Maps/Providers/Baidu.js Outdated Show resolved Hide resolved
static/js/theme-map/Util/Accessibility.js Outdated Show resolved Hide resolved
nmanu1
nmanu1 reviewed Feb 7, 2024
View reviewed changes
static/sample.env Outdated Show resolved Hide resolved
nmanu1
nmanu1 reviewed Feb 9, 2024
View reviewed changes
static/package.json Outdated Show resolved Hide resolved
static/js/theme-map/Maps/Providers/Baidu.js Outdated Show resolved Hide resolved
@nmanu1 nmanu1 changed the base branch from master to hotfix/v1.33.5 February 13, 2024 00:09
EmilyZhang777
EmilyZhang777 commented Feb 13, 2024
View reviewed changes
Copy link
Contributor Author

@EmilyZhang777 EmilyZhang777 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! But I can't approve it since I started this PR

@nmanu1 nmanu1 merged commit 2e4c744 into hotfix/v1.33.5 Feb 13, 2024
15 of 16 checks passed
@nmanu1 nmanu1 deleted the dev/vulnerabilities branch February 13, 2024 16:14
@nmanu1 nmanu1 mentioned this pull request Feb 20, 2024
Merged
nmanu1 added a commit that referenced this pull request Feb 20, 2024
@nmanu1
Version 1.33.5 (#1171)
b4bd5b5 
### Fixes
- Resolve vulnerabilities (#1167)
- Remove `span` styling and bump answers-search-ui version to 1.17 so icon `div`s are changed to `span`s without affecting their styling (#1169, #1170)
  - Note, any custom styling that is applied by targeting `div`s or `span`s directly may be impacted by this change. This could result in previously applied styles no longer being applied to these icons, or other styles inadvertently being applied to the icons
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@likimmy likimmy likimmy left review comments

@nmanu1 nmanu1 nmanu1 left review comments

@benmcginnis benmcginnis Awaiting requested review from benmcginnis

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@EmilyZhang777 @coveralls @benmcginnis @nmanu1 @likimmy