Update node packages to fix security vulnerabilities #2575

Merged
merged 7 commits into from
May 12, 2022

akchinSTC
Member

@akchinSTC akchinSTC commented Mar 16, 2022

What changes were proposed in this pull request?

This PR resolves a number of security vulnerabilities

medium

high

critical

How was this pull request tested?

PR was run against the test-ui target test suite.

Developer's Certificate of Origin 1.1

   By making a contribution to this project, I certify that:

   (a) The contribution was created in whole or in part by me and I
       have the right to submit it under the Apache License 2.0; or

   (b) The contribution is based upon previous work that, to the best
       of my knowledge, is covered under an appropriate open source
       license and I have the right under that license to submit that
       work with modifications, whether created in whole or in part
       by me, under the same open source license (unless I am
       permitted to submit under a different license), as indicated
       in the file; or

   (c) The contribution was provided directly to me by some other
       person who certified (a), (b) or (c) and I have not modified
       it.

   (d) I understand and agree that this project and the contribution
       are public and that a record of the contribution (including all
       personal information I submit with it, including my sign-off) is
       maintained indefinitely and may be redistributed consistent with
       this project or the open source license(s) involved.

@akchinSTC akchinSTC marked this pull request as draft March 16, 2022 18:27
@akchinSTC akchinSTC marked this pull request as ready for review March 16, 2022 18:29
@akchinSTC akchinSTC marked this pull request as draft March 16, 2022 18:31
@elyra-bot

elyra-bot bot commented Mar 16, 2022

Thanks for making a pull request to Elyra!

To try out this branch on binder, follow this link: Binder

@akchinSTC akchinSTC marked this pull request as ready for review March 16, 2022 20:30
@akchinSTC akchinSTC marked this pull request as draft March 16, 2022 21:29
@akchinSTC akchinSTC linked an issue Mar 17, 2022 that may be closed by this pull request
@akchinSTC akchinSTC added the component:build and external:Upstream labels Mar 17, 2022
@akchinSTC
Member Author

akchinSTC commented Mar 17, 2022

Update to use react-scripts v5.0.0 is causing us to pull in a problematic release (v27), causing the ui-tests to fail.
Looks like a fix is in place pending release of jest v28.
See jestjs/jest#11444

@akchinSTC akchinSTC marked this pull request as ready for review May 9, 2022 21:31
@akchinSTC akchinSTC requested a review from marthacryan May 9, 2022 21:33
@akchinSTC akchinSTC removed the impact:blocked and external:Upstream labels May 10, 2022
@karlaspuldaro
Member

Dependency: marked | Version: < 4.0.10 | Upgrade to: ~> 4.0.10
CVE-2022-21680 High severity
CVE-2022-21681 High severity

being addressed upstream - JupyterLab PR #12535

@akchinSTC akchinSTC added this to the 3.9.0 milestone May 10, 2022
@akchinSTC akchinSTC merged commit 5345dc8 into elyra-ai:master May 12, 2022
Successfully merging this pull request may close these issues.

Update out-of-date node packages to address security issues