Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Dependabot Security Alert Fix for Docusaurus Packages #561

Merged
merged 4 commits into from
Jun 20, 2024
Merged

fix: Dependabot Security Alert Fix for Docusaurus Packages #561

merged 4 commits into from
Jun 20, 2024

Conversation

vara-bonthu
Copy link
Collaborator

@vara-bonthu vara-bonthu commented Jun 20, 2024
edited
Loading

What does this PR do?

🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

This PR addresses security vulnerabilities in the ws package used by Docusaurus dependencies.

Issues Addressed:

Issue #53: ws affected by a DoS when handling a request with many HTTP headers.

Conflicting dependencies: @docusaurus/core@3.0.1, @docusaurus/preset-classic@3.0.1, and docusaurus-lunr-search@3.3.1.
Current ws version: 7.5.10
Fixed version: 8.17.1 (not currently compatible with existing dependencies).

Issue #52: ws affected by a DoS vulnerability.
Same conflicting dependencies and fixed version requirements as Issue #53.

Motivation

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Mandatory for new blueprints. Yes, I have added a example to support my blueprint PR
  • Mandatory for new blueprints. Yes, I have updated the website/docs or website/blog section for this feature
  • Yes, I ran pre-commit run -a with this PR. Link for installing pre-commit locally

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

ratnopamc
ratnopamc approved these changes Jun 20, 2024
View reviewed changes
Copy link
Collaborator

@ratnopamc ratnopamc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm.

@vara-bonthu
Copy link
Collaborator Author

/hold

fixing the workflow failure issue

@vara-bonthu vara-bonthu merged commit 3ef55e2 into main Jun 20, 2024
36 of 37 checks passed
@vara-bonthu vara-bonthu deleted the sec-fix branch June 20, 2024 20:03
ovaleanu pushed a commit to ovaleanu/data-on-eks that referenced this pull request Aug 10, 2024
@vara-bonthu @ovaleanu
fix: Dependabot Security Alert Fix for Docusaurus Packages (awslabs#561)
ec663c8 
Signed-off-by: Vara Bonthu <vara.bonthu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ratnopamc ratnopamc ratnopamc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vara-bonthu @ratnopamc