-
Notifications
You must be signed in to change notification settings - Fork 917
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2022-25758] Use dart-sass instead of node-sass #2054
[CVE-2022-25758] Use dart-sass instead of node-sass #2054
Conversation
Signed-off-by: Tao liu <liutaoaz@amazon.com>
Codecov Report
@@ Coverage Diff @@
## main #2054 +/- ##
=======================================
Coverage 67.50% 67.51%
=======================================
Files 3077 3077
Lines 59184 59188 +4
Branches 9003 9003
=======================================
+ Hits 39955 39958 +3
- Misses 17044 17045 +1
Partials 2185 2185
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
looks like a snapshot failure, could update them? |
Signed-off-by: Tao liu <liutaoaz@amazon.com>
According the error in the #535, it sounds like that happened on during the build compile, I didn't see the build compile error and UI error. |
Thanks. I updated the test, it should fixes the tests. |
Awesome! Do you know if there is any performance updates with the rendering? Also, will OUI be impacted by this @AMoo-Miki ? Finally, I haven't checked by do we use the sass |
Signed-off-by: Tao liu <liutaoaz@amazon.com>
Signed-off-by: Tao liu <liutaoaz@amazon.com>
@AMoo-Miki , Is this changes looking good from your side? if you have time, please take a look this changes, thanks |
Hello @Flyingliuhub, are we able to eyeball any performance impact? |
I didn't see the page load (dashboard/discover/Visualizations) different in my local. It take about 12 minutes for build locally with following command
|
Biggest worry was OUI, but Miki is good with that. Downstream might be impacted so it will be a breaking change for 3.0. The only other thing is if there is any performance degradation. But we don't have any client side perf tests so looks good to me. However, will hold off from merging until at least tomorrow just in case in becomes a blocker for OUI. |
Any update team ~ |
@kavilla , Is there any update from retro? if everything looks good from retro meeting, could you please click "Merge"? Thanks |
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Bump node.js to 18 and fix errors Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Fix async unit test timeout issue Signed-off-by: Anan Zhuang <ananzh@amazon.com> [Nodejs 18] fix lmdb and plugins discovery unit tests Signed-off-by: Anan Zhuang <ananzh@amazon.com> Fix windows path Signed-off-by: Anan Zhuang <ananzh@amazon.com> Increase memory limit for unit test and fix memory leak Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com> add unhandle-rejections Signed-off-by: Anan Zhuang <ananzh@amazon.com> add worker add mock lmdb to integration test Signed-off-by: Anan Zhuang <ananzh@amazon.com> modify test start opensearch Signed-off-by: Anan Zhuang <ananzh@amazon.com> only one integration test Signed-off-by: Anan Zhuang <ananzh@amazon.com> update test Signed-off-by: Anan Zhuang <ananzh@amazon.com> increase time Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Revert "add node fiber to improve performance (opensearch-project#2319)" Revert "[CVE-2022-25758] Use dart-sass instead of node-sass (opensearch-project#2054)" Revert back to use node-sass and bump to 8.0.0 Change lmdb-store to lmdb Bump node.js to 18 and fix errors Issue Resolved: opensearch-project#3601 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Signed-off-by: Tao liu liutaoaz@amazon.com
Description
This PR fixes the Regular expression denial of service in scss-tokenizer, use dart-sass instead of node-sass.
The node-sass are deprecated, the detail here.
The suggested solution (#535) is that use dart-sass instead of node-sass
The scan detail as following and link here
Issues Resolved
#1842 , #535
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr