Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DCJ-400: Update micromatch from 4.0.7 to 4.0.8 #2654

Merged
merged 1 commit into from
Aug 26, 2024
Merged

DCJ-400: Update micromatch from 4.0.7 to 4.0.8 #2654

merged 1 commit into from
Aug 26, 2024

Conversation

rushtong
Copy link
Contributor

@rushtong rushtong commented Aug 23, 2024
edited
Loading

Addresses

Ticket: https://broadworkbench.atlassian.net/browse/DCJ-400
Advisory: GHSA-952p-6rrq-rcjv

Summary

This PR is a run of npm update micromatch to address the following error we're seeing in other PRs:

# npm audit report

micromatch  <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-9[5](https://github.com/DataBiosphere/duos-ui/actions/runs/10530677665/job/29181100116?pr=2653#step:4:6)2p-[6](https://github.com/DataBiosphere/duos-ui/actions/runs/10530677665/job/29181100116?pr=2653#step:4:7)rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch

1 moderate severity vulnerability

To address all issues, run:
  npm audit fix

Have you read Terra's Contributing Guide lately? If not, do that first.

  • Label PR with a Jira ticket number and include a link to the ticket
  • Label PR with a security risk modifier [no, low, medium, high]
  • PR describes scope of changes
  • Get a minimum of one thumbs worth of review, preferably two if enough team members are available
  • Get PO sign-off for all non-trivial UI or workflow changes
  • Verify all tests go green
  • Test this change deployed correctly and works on dev environment after deployment

@rushtong rushtong requested a review from a team as a code owner August 23, 2024 19:09
@rushtong rushtong requested review from fboulnois and okotsopoulos and removed request for a team August 23, 2024 19:09
@rushtong rushtong mentioned this pull request Aug 23, 2024
Merged
@rushtong rushtong added dependency Dependencies security Pull requests that address a security vulnerability npm labels Aug 26, 2024
fboulnois
fboulnois approved these changes Aug 26, 2024
View reviewed changes
Copy link
Contributor

@fboulnois fboulnois left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@rushtong rushtong merged commit e052096 into develop Aug 26, 2024
9 checks passed
@rushtong rushtong deleted the gr-DCJ-400-update-micromatch branch August 26, 2024 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@okotsopoulos okotsopoulos okotsopoulos approved these changes

@fboulnois fboulnois fboulnois approved these changes

Assignees
No one assigned
Labels
dependency Dependencies npm security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rushtong @fboulnois @okotsopoulos