fix: Vulnerabilities and warnings #1987

Merged

Contributor

@reneleonhardt reneleonhardt commented Jun 25, 2024

🐛 Fixes

  • Fix Gradle deprecations and warnings
  • Make coverage rules more lenient
  • Fix website vulnerabilities
| Library | Vulnerability | Severity |
| --- | --- | --- |
| braces | CVE-2024-4068 | HIGH |
| express | CVE-2024-29041 | MEDIUM |
| follow-redirects | CVE-2024-28849 | |
| webpack-dev-middleware | CVE-2024-29180 | HIGH |
| ws | CVE-2024-37890 | |

🧑‍💻 Improvements

  • Improve dependency management

🚧 TODO

  • Please test all updates and changes extensively to prepare for Kotlin 2 compatibility
  • Please try to restore the 3 skipped tests after Kotlin 1.9 upgrade
  • Anchor #dispatching-by-level doesn't exist anymore in website/docs/server/data-loader/data-loader-instrumentation.mdx
  • Old code should be reformatted so all those many exceptions can be removed from `.editorconfig`

@reneleonhardt
Contributor Author

@dariuszkuc Can you retry the failed Pull Request Check / build-libraries / build (pull_request) check?
Locally ApolloSubscriptionWebSocketHandlerIT#verify subscription was always green 😅

@samuelAndalon samuelAndalon merged commit 17159d9 into ExpediaGroup:master Jun 27, 2024
19 checks passed