fix: update jasmine-reporters to v2.5.0 to fix xmldom vulnerability #2994

Merged
merged 1 commit into from
Oct 1, 2021

Conversation

wcalandro
Contributor

PR Checklist

Please check if your PR fulfills the following requirements:

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

N/A

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature (please, look at the "Scope of the project" section in the README.md file)
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Currently, @bazel/jasmine uses a version of jasmine-reporters that has a downstream vulnerability in xmldom.

What is the new behavior?

jasmine-reporters has been updated, which uses @xmldom/xmldom, which has the vulnerability patched.

Does this PR introduce a breaking change?

  • Yes
  • No

Collaborator

@alexeagle alexeagle left a comment

thanks!

@alexeagle alexeagle merged commit 8ca234b into bazel-contrib:stable Oct 1, 2021
@wcalandro wcalandro deleted the fix-jasmine branch October 4, 2021 17:40
alexeagle added a commit that referenced this pull request Oct 5, 2021
…bility (#2994)"

It broke our Windows CI

This reverts commit 8ca234b.
@alexeagle
Collaborator

oops sorry @wcalandro this made our Windows CI tests go solid red
https://buildkite.com/bazel/rules-nodejs-nodejs/builds/10692#1ce7f7b0-619a-4737-aab0-bb2e1aa03776

I reverted the commit for now to get green again. Do you have time to open the PR again and try to diagnose why it broke?
