Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump node-fetch from 2.6.1 to 2.6.7 to resolve a security vulnerability #3082 #3263

Merged
merged 4 commits into from
Jun 26, 2022

Conversation

blulady
Copy link
Member

@blulady blulady commented Jun 20, 2022

Fixes #3082

What changes did you make and why did you make them ?

After making changes and pulling them into my local; website looked good, links (both external and internal worked) and seemed fully functional.

Screenshots of Proposed Changes Of The Website (if any, please do not screen shot code changes)

no visual changes but I took pictures of the process and posted them in my comment
#3082

dependabot bot and others added 2 commits June 20, 2022 16:00
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
…ions/github-data/node-fetch-2.6.7

Bump node-fetch from 2.6.1 to 2.6.7 in /github-actions/github-data
@github-actions
Copy link

Want to review this pull request? Take a look at this documentation for a step by step guide!

From your project repository, check out a new branch and test the changes.

git checkout -b blulady-gh-pages gh-pages
git pull https://github.com/blulady/website.git gh-pages

@blulady blulady marked this pull request as ready for review June 20, 2022 16:38
@github-actions github-actions bot added Feature: Board/GitHub Maintenance Project board maintenance that we have to do repeatedly role: back end/devOps Tasks for back-end developers size: 2pt Can be done in 7-12 hours Complexity: Medium Status: Help Wanted Internal assistance is required to make progress Status: Updated No blockers and update is ready for review Status: Urgent Needs to be worked on immediately labels Jun 20, 2022
@kathrynsilvaconway kathrynsilvaconway self-requested a review June 21, 2022 01:21
@kathrynsilvaconway
Copy link
Member

ETA: End of Day on 6/26
Availability: 2 hours

Copy link
Member

@Sparky-code Sparky-code left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Group review addressed all points and it looks all correct. Automatic upgrade through dependabot. Thanks!

Copy link
Member

@kathrynsilvaconway kathrynsilvaconway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@blulady Nice work on this issue. I can see that you updated node-fetch on you own repository and checked all the necessary files. As we've discussed, you've done the necessary research and determined that there are no known issues with this update in other repositories. Great job overall.

@kathrynsilvaconway kathrynsilvaconway merged commit 2830052 into hackforla:gh-pages Jun 26, 2022
JessicaLucindaCheng added a commit to JessicaLucindaCheng/website that referenced this pull request Jun 29, 2022
Used a squash and merge for this



* Applied Title classes to heading elements on donate page (hackforla#2723)

* applied Title classes to heading elements on donate page, repositioned first h1 element on page to align with paragraph.

* changed Titlex classes to titlex, removed title classes from sass file.

* fixed requested errors

* Fixed the styling issues, localhost and hfla site match.

* made requested changes

* commiting changes so I can sync with upstream.

* made requested changes

* Removed Ready for milestone for Pre-work Template - Developers

Reason: Tech leads should manually check the preworks before adding ready for milestone label

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* Update issue templates

* Update meeting data

* Update contributor and language data

* Edited the content field and removed the type field so that redundant code is removed and the code is easier to understand (hackforla#3182)

Merged hackforla#3182 into gh-pages.

* Remove alt-hero field from civic-opportunity-project.md project file hackforla#2923 (hackforla#3173)

* Update meeting data

* Update contributor and language data

* Update pre-work-template--dev.md (hackforla#3192)

* Update dev prework template

* Update pre-work-template---design.md (hackforla#3184)

Bonnie asked to update the design template

* Updated dev prework template

* Update dev prework template

* Update meeting data

* Update contributor and language data

* Update issue templates

Updated estimates, time spent so far and progress report items.

* Update CONTRIBUTING.md

Added a note about leaving issues (other than pre-work) in In progress column until merged.

* Fixed Project md file: Removing unused `alt-hero` field

* Fix Alt Text Audit - Design issue template

I did not make edits as part of commit fd642a4 to .github/ISSUE_TEMPLATE/alt-text-audit---design.md but for some reason changes were made. I fixed it here by editing the file to change it back.

* Update meeting data

* Update contributor and language data

* Edited content field and removed (hackforla#3193)

Merged hackforla#3193 into gh-pages.

* Update CONTRIBUTING.md

Added link of a filtered project board for back end good first issues.

* removed unused alt-hero field (hackforla#3178)

Co-authored-by: Olanrewaju-Ak <[email protected]>

* Update meeting data

* Update contributor and language data

* Updated Project Profile Card review and update template

Capitalized GitHub in the links section

* Updated Pre-work Template - Developers

Changed team lead to technical lead

* Update issue templates (hackforla#3219)

updated developer prework template

* edit content field and remove type field from _data/interal/credits/resume.yml (hackforla#3218)

* Update README.md

* Remove alt-text field in github-issues.html, responsible-use-of-images-on-opensource-projects.html, setting-up-1password-on-opensource-projects.html, all within the _guide-pages directory (hackforla#3176)

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* removed unused filed (hackforla#3221)

* Removed type field 2878 (hackforla#3185)

* modified content field

* removed type field

* modified content field

* removed type field

* revert jekyll version

* Update meeting data

* Update contributor and language data

* Update developer pre-work issues

* Update meeting data

* Update contributor and language data

* Update image location sponsors 2458 (hackforla#2984)

* update image location for sponsors

* update image location for sponsors

* update class logo img

* update code in sponsors.hmtl

* add scss to cfa logo in citizen-engagement page

* Remove alt hero field 3215 (hackforla#3231)

* Docker-compose file update

* Reverted docker-compose file from '4.2.0' back to 'pages'

* alt-hero field deleted

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* remove unused alt field from vrms.md project file (hackforla#3226)

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* Lucky parking 2916 (hackforla#3086)

* changed the spelling from webapp to web app on line 56

* chnaged the double quotes around the links  to single quotes

* Update meeting data

* Update meeting data

* Update contributor and language data

* Update dev prework issue template

* Update meeting data

* Update contributor and language data

* Add h tags 2952 (hackforla#3237)

* add civic tech overview page to assets folder

* change link in markdown file

* Update merge conflict

* Change p tags to h tags

* Removed the alt text for the 311 project card image (hackforla#3241)

to adhere to WCAG.

* Update meeting data

* Update contributor and language data

* added a new note in section 2.2 before the existing one (hackforla#3235)

Co-authored-by: Olanrewaju-Ak <[email protected]>

* update project profile of home unite us page (hackforla#3162)

* removed Abiha Ali and added Ben Ross under leadership for home unite us page

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* updated calendar-time.yml (hackforla#3258)

Co-authored-by: olivi <[email protected]>

* Update meeting data

* Update contributor and language data

* Removed credits type field and renamed content to content-type in redo.yml (hackforla#3285)

* Update meeting data

* Update contributor and language data

* Updated how 'overview' link opens for Home Unite US (hackforla#3224)

* Updated how 'overview' link opens for Home Unite US

* Update meeting data

* Update contributor and language data

* removed unused filed (hackforla#3221)

* Removed type field 2878 (hackforla#3185)

* modified content field

* removed type field

* modified content field

* removed type field

* revert jekyll version

* Updated how 'overview' link opens for Home Unite US

Co-authored-by: GitHub Actions Bot <[email protected]>
Co-authored-by: Arpita <[email protected]>

* changed line 4 for the content field from content:icon to content-type:image. Also removed line 11 type:icon (hackforla#3264)

* Update meeting data

* Update contributor and language data

* Changed sdg image's alt text for access the data (hackforla#3288)

* Resolve issue 2155 to add a comment reminding new issue assignees to add their ETA and availability (hackforla#2962)

* changed content and type into one field: content-type (hackforla#3291)

Co-authored-by: tunglinn <[email protected]>

* update instructions template 2897 (hackforla#3262)

Co-authored-by: olivi <[email protected]>

* Update meeting data

* Update contributor and language data

* Update meeting data

* Update contributor and language data

* Updated website team members (hackforla#3298)

* Changed from Content to Content-Type (hackforla#3297)

* changed from content to content type

* ignore

* Change content to content-type

* edited and removed words (hackforla#3287)

Co-authored-by: Lily Arjomand <[email protected]>

* Update meeting data

* Update contributor and language data

* Bump node-fetch from 2.6.1 to 2.6.7 in /github-actions/github-data (hackforla#3263)

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed line 4 and deleted line 11 (hackforla#3303)

Co-authored-by: Riya Aswani <[email protected]>

* Update meeting data

* Update contributor and language data

* Changed alt text for card image (hackforla#3304)

Co-authored-by: Lily Arjomand <[email protected]>

* Update issue templates

* Update meeting data

* Update contributor and language data

* changed image alt in lucky-parking.md (hackforla#3317)

Co-authored-by: tunglinn <[email protected]>

* Change alt text for citizen engagement html file (hackforla#3320)

* changed from content to content type

* change content to content-type

* change content to content-type

* change content to content-type

* change content to content-type

* change alt text line 52

* reset docker-compose

Co-authored-by: Patrick McGuigan <[email protected]>
Co-authored-by: GitHub Actions Bot <[email protected]>
Co-authored-by: alan-zambrano <[email protected]>
Co-authored-by: mmogri <[email protected]>
Co-authored-by: Ava Li <[email protected]>
Co-authored-by: phuonguvan <[email protected]>
Co-authored-by: Saumil Dhankar <[email protected]>
Co-authored-by: mchavezm <[email protected]>
Co-authored-by: Akinola Olanrewaju <[email protected]>
Co-authored-by: Olanrewaju-Ak <[email protected]>
Co-authored-by: Bonnie Wolfe <[email protected]>
Co-authored-by: Don Brower <[email protected]>
Co-authored-by: Julian Smith <[email protected]>
Co-authored-by: Arpita <[email protected]>
Co-authored-by: Jason Yee <[email protected]>
Co-authored-by: Matthew Arofin <[email protected]>
Co-authored-by: Erick Odero <[email protected]>
Co-authored-by: riddle015 <[email protected]>
Co-authored-by: Trisha Johnson <[email protected]>
Co-authored-by: Olivia Wang <[email protected]>
Co-authored-by: olivi <[email protected]>
Co-authored-by: Beckett OBrien <[email protected]>
Co-authored-by: Utkarsh Saboo <[email protected]>
Co-authored-by: Tung Lin <[email protected]>
Co-authored-by: tunglinn <[email protected]>
Co-authored-by: Clayton Brossia <[email protected]>
Co-authored-by: Lily Arjomand <[email protected]>
Co-authored-by: Lily Arjomand <[email protected]>
Co-authored-by: Sarah Sanger <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Riya Aswani <[email protected]>
Co-authored-by: Riya Aswani <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Complexity: Medium Feature: Board/GitHub Maintenance Project board maintenance that we have to do repeatedly role: back end/devOps Tasks for back-end developers size: 2pt Can be done in 7-12 hours Status: Help Wanted Internal assistance is required to make progress Status: Updated No blockers and update is ready for review Status: Urgent Needs to be worked on immediately
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bump node-fetch from 2.6.1 to 2.6.7 to resolve a security vulnerability
3 participants