Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrades node-forge from v0.10.0 to v1.2.1 #1239

Merged
merged 1 commit into from
Feb 22, 2022
Merged

Upgrades node-forge from v0.10.0 to v1.2.1 #1239

merged 1 commit into from
Feb 22, 2022

Conversation

tmarkley
Copy link
Contributor

@tmarkley tmarkley commented Feb 11, 2022
edited
Loading

Description

  • CHANGELOG
  • The major version bump introduces breaking changes, but none of them apply to Dashboards.
  • Upgrades @elastic/request-crypto from 1.1.4 to 2.0.0 which has a downstream dependency on node-forge.
    • @elastic/request-crypto uses node-jose@2.0.0 which still depends on node-forge@0.10.0 so we need a manual resolution for node-jose@2.1.0.

Issues Resolved

Resolves #1112
Resolves #1134

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

Upgrades node-forge from v0.10.0 to v1.2.1
8160ef4 
* [CHANGELOG](https://github.com/digitalbazaar/forge/blob/v1.2.1/CHANGELOG.md)
* The major version bump introduces breaking changes, but none of them
apply to Dashboards.
* Upgrades `@elastic/request-crypto` from `1.1.4` to `2.0.0` which has
a downstream dependency on `node-forge`.
  * `@elastic/request-crypto` uses `node-jose@2.0.0` which still depends
  on `node-forge@0.10.0` so we need a manual resolution for
  `node-jose@2.1.0`.

Resolves opensearch-project#1112

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@tmarkley tmarkley added dependencies Pull requests that update a dependency file v2.0.0 labels Feb 11, 2022
@tmarkley tmarkley requested a review from a team as a code owner February 11, 2022 17:10
kavilla
kavilla approved these changes Feb 17, 2022
View reviewed changes
Copy link
Member

@kavilla kavilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tmarkley tmarkley mentioned this pull request Feb 22, 2022
Closed
@tmarkley tmarkley linked an issue Feb 22, 2022 that may be closed by this pull request
WS-2022-0008 (Medium) detected in node-forge-0.10.0.tgz #1134
Closed
@tmarkley tmarkley merged commit 15b561e into opensearch-project:main Feb 22, 2022
@tmarkley tmarkley deleted the issue-1112 branch February 22, 2022 22:11
@tmarkley tmarkley added the cve Security vulnerabilities detected by Dependabot or Mend label Mar 16, 2022
@ZilongX ZilongX mentioned this pull request Sep 29, 2022
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ananzh ananzh ananzh approved these changes

@kavilla kavilla kavilla approved these changes

Assignees
No one assigned
Labels
cve Security vulnerabilities detected by Dependabot or Mend dependencies Pull requests that update a dependency file v2.0.0
Projects
None yet
Milestone
No milestone
3 participants
@tmarkley @kavilla @ananzh