Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address security advisories #3280

Merged
merged 5 commits into from
Oct 12, 2021
Merged

Address security advisories #3280

merged 5 commits into from
Oct 12, 2021

Conversation

rickycodes
Copy link
Contributor

Description

A whole slew of advisories came in recently. this PR addresses those. the ones that could be upgraded have been and the ones that could be addressed via resolutions also have been. there are a couple cases where there have yet to be any resolutions and so those have been ignored until we can come up with a better solution.

@rickycodes rickycodes requested a review from a team as a code owner October 11, 2021 14:01
@github-actions
Copy link
Contributor

github-actions bot commented Oct 11, 2021
edited
Loading

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@sethkfman
Copy link
Contributor

I have read the CLA Document and I hereby sign the CLA

Cal-L
Cal-L approved these changes Oct 11, 2021
View reviewed changes
Copy link
Contributor

@Cal-L Cal-L left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But does this need some kind of regression since some library versions a resolved to a specific version?

Cal-L
Cal-L reviewed Oct 11, 2021
View reviewed changes
bitrise.yml Outdated Show resolved Hide resolved
@sethkfman
Copy link
Contributor

LGTM. But does this need some kind of regression since some library versions a resolved to a specific version?

I think that makes sense.

@cortisiko & @ibrahimtaveras00 Do you think we can cover this in the next release regression?

@rickycodes rickycodes changed the title address advisories Address security advisories Oct 12, 2021
@rickycodes rickycodes merged commit b7ef228 into develop Oct 12, 2021
@rickycodes rickycodes deleted the fix/yarn-ci branch October 12, 2021 16:06
@github-actions github-actions bot locked and limited conversation to collaborators Oct 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Cal-L Cal-L Cal-L approved these changes

@sethkfman sethkfman sethkfman left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rickycodes @sethkfman @Cal-L