Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: [#4684] Update some dependencies to latest version #4737

Merged
merged 6 commits into from
Sep 10, 2024
Merged

fix: [#4684] Update some dependencies to latest version #4737

merged 6 commits into from
Sep 10, 2024

Conversation

sw-joelmut
Copy link
Collaborator

@sw-joelmut sw-joelmut commented Sep 2, 2024
edited
Loading

Addresses #4684
Fixes #4734
#minor

Description

This PR fixes the remaining vulnerabilities (CVE-2024-43788, CVE-2015-8855, CVE-2017-16137, CVE-2017-16137).

Specific Changes

  • Removed browserify-fs as it was preventing updating bl and semver packages to non-vulnerable versions.
  • Removed resolutions for ejs and lodash.pick as nightwatch package was updated to fix semver vulnerability.
  • Updated webpack to fix a vulnerability that appeared when running yarn audit.
  • Updated debug version to anon-vulnerable one by updating the yarn.lock.

Testing

The following image shows the botframework-connector browser continues working, and no new vulnerabilities have been found.
image
image

@sw-joelmut sw-joelmut requested a review from a team as a code owner September 2, 2024 14:44
@coveralls
Copy link

coveralls commented Sep 2, 2024
edited
Loading

Pull Request Test Coverage Report for Build 10794921384

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.4%) to 84.052%
Totals Coverage Status
Change from base Build 10793905985: -0.4%
Covered Lines: 20351
Relevant Lines: 22910
💛 - Coveralls

@sw-joelmut sw-joelmut changed the title fix: Update some dependencies to latest version fix: [#4684] Update some dependencies to latest version Sep 3, 2024
@tracyboehrer tracyboehrer merged commit 9e5e1bb into main Sep 10, 2024
11 of 13 checks passed
@tracyboehrer tracyboehrer deleted the southworks/fix/semver branch September 10, 2024 14:59
@dominykas
Copy link

Thank you! 🙇

This was referenced Oct 30, 2024
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Nov 6, 2024
Open
Open
Open
Open
Open
This was referenced Nov 11, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tracyboehrer tracyboehrer tracyboehrer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Please reconsider the use of browserify-fs
4 participants
@sw-joelmut @coveralls @dominykas @tracyboehrer