Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHIROS-823 updated loader-utils package version to fix a CVE #146

Merged
merged 1 commit into from
Dec 16, 2022
Merged

RHIROS-823 updated loader-utils package version to fix a CVE #146

merged 1 commit into from
Dec 16, 2022

Conversation

PreetiW
Copy link
Contributor

@PreetiW PreetiW commented Dec 12, 2022
edited
Loading

Description:

Fixes:

Bugzilla link:

More info: webpack/loader-utils#212
Prototype pollution in JS: https://learn.snyk.io/lessons/prototype-pollution/javascript/

V2.0.4: https://github.com/webpack/loader-utils/commits/v2.0.4
V1.4.2: https://github.com/webpack/loader-utils/commits/v1.4.2

Steps of fixing the issue

  1. Run npm audit to check all the vulnerabilities in the project, and scroll to see loader-utils related issues and affected packages

image

image

  1. Run npm update loader-utils to update the package to the version in which issues are fixed. And then run npm audit to check which vulnerabilities got fixed.

image

@codecov-commenter
Copy link

Codecov Report

Base: 22.89% // Head: 22.89% // No change to project coverage 👍

Coverage data is based on head (b05ddb6) compared to base (8547dec).
Patch has no changes to coverable lines.

❗ Current head b05ddb6 differs from pull request most recent head 3c5d094. Consider uploading reports for the commit 3c5d094 to get more accurate results

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #146   +/-   ##
=======================================
  Coverage   22.89%   22.89%           
=======================================
  Files          48       48           
  Lines         913      913           
  Branches      164      164           
=======================================
  Hits          209      209           
  Misses        658      658           
  Partials       46       46

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@PreetiW
Copy link
Contributor Author

PreetiW commented Dec 16, 2022

Thank you @upadhyeammit & @r14chandra for reviewing the PR 🙌🏻 merging it. 💯

@PreetiW PreetiW merged commit 0cfe348 into RedHatInsights:main Dec 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r14chandra r14chandra r14chandra approved these changes

@upadhyeammit upadhyeammit upadhyeammit approved these changes

Assignees

@kgaikwad kgaikwad

Labels
ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@PreetiW @codecov-commenter @upadhyeammit @r14chandra @kgaikwad