
fix(security): the CVE-2022-2421 - upgrade socket.io-parser to >=4.2.1 #2230

Merged
merged 1 commit into from
Jul 16, 2023

Conversation

petermetz
Contributor

To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

Depends on #2229

Fixes #2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

@jagpreetsinghsasan
Contributor

jagpreetsinghsasan commented Dec 9, 2022

Cactus_CI / cactus-cmd-api-server was failing so I have re-run it.

@petermetz petermetz force-pushed the petermetz/issue2228 branch from 5f82a69 to 2ae862f Compare December 9, 2022 18:33
Contributor

@izuru0 izuru0 left a comment


LGTM

Contributor

@jagpreetsinghsasan jagpreetsinghsasan left a comment


LGTM

@github-actions

This PR/issue depends on:

@petermetz petermetz force-pushed the petermetz/issue2228 branch from 2ae862f to 1818915 Compare July 16, 2023 21:21
@petermetz petermetz requested a review from VRamakrishna as a code owner July 16, 2023 21:21
@petermetz petermetz enabled auto-merge (rebase) July 16, 2023 21:23
Project-wide update of socket-io was necessary to 4.5.4 because of its
transitive dependence on socket.io-parser.

To completely get rid of all instances of the vulnerable versions,
we also have to upgrade the example application's Angular versions:

- Upgraded Artillery from v1.7.1 to v1.7.9

Depends on hyperledger-cacti#2229

Fixes hyperledger-cacti#2228

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
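The commit message above makes the point that a single bump of the direct dependency is not enough: a nested copy of socket.io-parser pulled in transitively by socket.io can remain below the fixed version. The script below is an added example written for this page, not code from the Cacti project or from this PR. It walks an npm package-lock.json (both the v1 nested "dependencies" layout and the v2/v3 flat "packages" map) and lists every installed copy of a named package whose version is below a given floor, so a reviewer can confirm that no vulnerable instance survives. The sample lockfile is constructed inline; version comparison uses plain major.minor.patch and ignores pre-release tags.

```python
"""
Find every installed copy of an npm package below a fixed version.

Added example for this page, not the Cacti project's own tooling. Assumes
the npm package-lock.json layout: lockfile v1 nests "dependencies",
v2/v3 keep a flat "packages" map keyed by install path.
"""
import json
import re
from typing import Iterator, List, Tuple

# Constructed sample lockfile (v3 style): one fixed top-level copy and one
# vulnerable copy nested under socket.io, the transitive situation the
# commit message describes.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/socket.io-parser": {"version": "4.2.1"},
        "node_modules/socket.io": {"version": "4.4.1"},
        "node_modules/socket.io/node_modules/socket.io-parser": {"version": "4.0.5"},
        "node_modules/artillery": {"version": "1.7.9"},
    },
})

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '4.2.1' (or '4.2.1-beta.0') into a comparable tuple; pre-release
    suffixes are ignored, which is adequate for a 'below the fix' check."""
    m = _VERSION_RE.match(text.strip().lstrip("v"))
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x) for x in m.groups())


def iter_installed(lock: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (install_path, package_name, version) for every installed copy."""
    packages = lock.get("packages")
    if packages is not None:  # lockfile v2/v3: flat map keyed by path
        for path, meta in packages.items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if "version" in meta:
                yield path, name, meta["version"]
        return

    # lockfile v1: nested "dependencies" tree
    def walk(deps: dict, prefix: str):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if "version" in meta:
                yield path, name, meta["version"]
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def find_vulnerable(lock_text: str, package: str, fixed_in: str) -> List[Tuple[str, str]]:
    """Return (install_path, version) for each copy of `package` below `fixed_in`."""
    floor = parse_version(fixed_in)
    hits = []
    for path, name, version in iter_installed(json.loads(lock_text)):
        if name == package and parse_version(version) < floor:
            hits.append((path, version))
    return hits


if __name__ == "__main__":
    for path, version in find_vulnerable(SAMPLE_LOCKFILE, "socket.io-parser", "4.2.1"):
        print(f"{path}: {version} is below 4.2.1")
```

Run it against a real lockfile by reading the file into `find_vulnerable` in place of `SAMPLE_LOCKFILE`; an empty result means every installed copy is at or above the floor, which is the condition the PR title's ">=4.2.1" expresses.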
@petermetz petermetz force-pushed the petermetz/issue2228 branch from 1818915 to b68a5d6 Compare July 16, 2023 22:18
@petermetz petermetz merged commit 9172172 into hyperledger-cacti:main Jul 16, 2023
@petermetz petermetz deleted the petermetz/issue2228 branch July 16, 2023 23:25
Development

Successfully merging this pull request may close these issues.

fix(security): CVE-2022-2421 - upgrade socket.io-parser to >=4.2.1
4 participants