Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update underscore to 1.12.1 #677

Merged
merged 1 commit into from
Apr 28, 2021
Merged

Update underscore to 1.12.1 #677

merged 1 commit into from
Apr 28, 2021

Conversation

HarshaNalluru
Copy link
Member

Component Governance from DevOps complains of the underscore dependency in azure-sdk-for-js repo.

  • Pulled in by event-processor-host since it depends on azure-storage
  • Need to update underscore to ^1.12.1 to fix the problem

@coveralls
Copy link

Coverage Status

Coverage remained the same at 91.696% when pulling 35c3a76 on HarshaNalluru:harshan/update-underscore into 333c924 on Azure:master.

1 similar comment
@coveralls
Copy link

Coverage Status

Coverage remained the same at 91.696% when pulling 35c3a76 on HarshaNalluru:harshan/update-underscore into 333c924 on Azure:master.

@mhassan1 mhassan1 mentioned this pull request Apr 7, 2021
Closed
ramya-rao-a
ramya-rao-a reviewed Apr 9, 2021
View reviewed changes
package.json
@@ -29,7 +29,7 @@
"md5.js": "1.3.4",
"readable-stream": "~2.0.0",
"request": "^2.86.0",
"underscore": "~1.8.3",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@XiaoningLiu Do you recall any reason why ~ was used here instead of ^
Am wondering if us making this change will cause any issues

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ramya-rao-a , @XiaoningLiu , could we run some integration tests in order to validate this security fix?

goelankit
goelankit reviewed Apr 23, 2021
View reviewed changes
Copy link

@goelankit goelankit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the package version as well. We are looking to consume this change downstream as we are getting security alerts as well for this dependency.

@XiaoningLiu XiaoningLiu merged commit 126bbf6 into Azure:master Apr 28, 2021
@phawxby
Copy link

phawxby commented May 6, 2021

@XiaoningLiu without a package update this merge isn't helping anyone.

@joaomoreno
Copy link

@HarshaNalluru Let's release this.

@EmmaZhu
Copy link
Member

EmmaZhu commented May 7, 2021

Hi,
We are working on a release for this. Should be able to release it in the next two weeks.

Thanks
Emma

@bsegault
Copy link

bsegault commented May 7, 2021

@EmmaZhu @XiaoningLiu Can we help in any way to speed up the release?

@dpwatrous dpwatrous mentioned this pull request May 7, 2021
Merged
@HarshaNalluru HarshaNalluru deleted the harshan/update-underscore branch May 7, 2021 19:01
@lucioperca lucioperca mentioned this pull request May 8, 2021
Closed
@soulchild soulchild mentioned this pull request May 11, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goelankit goelankit goelankit left review comments

@ramya-rao-a ramya-rao-a ramya-rao-a left review comments

@GuillermoBlanco GuillermoBlanco GuillermoBlanco left review comments

@XiaoningLiu XiaoningLiu XiaoningLiu approved these changes

@EmmaZhu EmmaZhu EmmaZhu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@HarshaNalluru @coveralls @phawxby @joaomoreno @EmmaZhu @bsegault @GuillermoBlanco @XiaoningLiu @ramya-rao-a @goelankit