docs: add socket.io-parser resolution #11821

Merged
merged 1 commit into from
Nov 1, 2022

vince-fugnitto
Member

What it does

The pull-request adds a migration guide note for socket.io-parser (#11819) to work around the known CVE. The note is useful for downstream adopters to work around the issue until a patch release is performed in the framework.

How to test

The resolution was confirmed to work locally when tested with an application based on the latest Theia.

Review checklist

Reminder for reviewers

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>

@vince-fugnitto vince-fugnitto added the documentation issues related to documentation label Nov 1, 2022
@vince-fugnitto vince-fugnitto self-assigned this Nov 1, 2022
Member

@msujew msujew left a comment

I can confirm that adding the resolution to a Theia project targeting a non-next version of Theia can work around the CVE 👍

@marcdumais-work marcdumais-work added the security issues related to security label Nov 1, 2022
The commit adds a note regarding the `socket.io-parser` resolution in
our migration guide for downstream adopters.

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
Contributor

@marcdumais-work marcdumais-work left a comment

LGTM, thanks Vince!

@vince-fugnitto vince-fugnitto merged commit 000988a into master Nov 1, 2022
@vince-fugnitto vince-fugnitto deleted the vf/migration-socket.io branch November 1, 2022 19:10
@github-actions github-actions bot added this to the 1.32.0 milestone Nov 1, 2022