-
Notifications
You must be signed in to change notification settings - Fork 894
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump sass-lint to 1.13.0 to fix eslint security issue #4338
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ananzh
requested review from
kavilla,
seanneumann,
AMoo-Miki,
ashwin-pc,
joshuarrrr,
abbyhu2000,
zengyan-amazon,
kristenTian,
zhongnansu and
manasvinibs
as code owners
June 20, 2023 21:46
Signed-off-by: ananzh <ananzh@amazon.com>
joshuarrrr
previously approved these changes
Jun 20, 2023
ananzh
added
cve
Security vulnerabilities detected by Dependabot or Mend
backport 1.3
labels
Jun 20, 2023
Codecov Report
@@ Coverage Diff @@
## 1.x #4338 +/- ##
==========================================
- Coverage 67.50% 67.49% -0.01%
==========================================
Files 3044 3044
Lines 58692 58692
Branches 8902 8902
==========================================
- Hits 39619 39617 -2
- Misses 16925 16926 +1
- Partials 2148 2149 +1
Flags with carried forward coverage won't be shown. Click here to find out more. |
AMoo-Miki
previously approved these changes
Jun 21, 2023
Signed-off-by: Anan Zhuang <ananzh@amazon.com>
AMoo-Miki
approved these changes
Jun 22, 2023
joshuarrrr
approved these changes
Jun 23, 2023
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jun 26, 2023
) Signed-off-by: ananzh <ananzh@amazon.com> Signed-off-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit 1f87e83) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Currently, OSD is using
eslint@2.13.1
due tosass-lint@1.12.1
. The original issue #1151 is resolved in 2.0, where we replacesass-lint
withstylelint
in the PR #1413. We consider this as a breaking change sincestylelint
andsass-lint
do not have the same set of rules and they have different APIs for use in scripts, and they also use different formats for their configuration files. Therefore, the two options are 1) bump sass-lint to a version that uses eslint 4.18.2+ 2) resolve eslint. In this PR, we used option 1.The
sass-lint@1.13.0
bumpseslint
to4.19.1
https://github.com/sasstools/sass-lint/blob/v1.13.0/package-lock.jsonHowever this
1.13.0
is released by mistake due to breaking changes shown in this issue complainingno-vendor-prefixes
is not usable after the bump:sasstools/sass-lint#1279
Since OSD does not rely on the
no-vendor-prefixes
rule ofsass-lint
, we could try to update sass-lint to the newer version that doesn't include this rule.Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr