Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix normalize-url vulnerability #16375

Merged
merged 1 commit into from
Jun 11, 2021

Conversation

bbovenzi
Copy link
Contributor

@bbovenzi bbovenzi commented Jun 10, 2021

Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054


^ Add meaningful description above

Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.

@boring-cyborg boring-cyborg bot added area:UI Related to UI/UX. For Frontend Developers. area:webserver Webserver related Issues labels Jun 10, 2021
@ashb ashb added this to the Airflow 2.1.1 milestone Jun 10, 2021
@github-actions github-actions bot added the okay to merge It's ok to merge this PR as it does not require more tests label Jun 10, 2021
@github-actions
Copy link

The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease.

Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054
@kaxil kaxil force-pushed the fix-yarn-package-vulnerability branch from 09cda43 to bea24b2 Compare June 10, 2021 23:11
@ashb ashb merged commit 70bf1b1 into apache:main Jun 11, 2021
@ashb ashb deleted the fix-yarn-package-vulnerability branch June 11, 2021 05:57
ashb pushed a commit that referenced this pull request Jun 22, 2021
Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054

(cherry picked from commit 70bf1b1)
kaxil pushed a commit to astronomer/airflow that referenced this pull request Jun 22, 2021
Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054

(cherry picked from commit 70bf1b1)
(cherry picked from commit b578120)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:UI Related to UI/UX. For Frontend Developers. area:webserver Webserver related Issues okay to merge It's ok to merge this PR as it does not require more tests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants