-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE 2022-3517] Bump minimatch to 3.0.5 and [IBM X-Force ID: 220063] unset-value to 2.0.1 #2640
Conversation
8b29d41
to
841b00e
Compare
Codecov Report
@@ Coverage Diff @@
## main #2640 +/- ##
=======================================
Coverage ? 66.81%
=======================================
Files ? 3207
Lines ? 61148
Branches ? 9315
=======================================
Hits ? 40856
Misses ? 18060
Partials ? 2232 Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for fixing CVEs for customer!
I think you might need to add tags for backport. Does these CVEs affect 1.x? Do we need to backport to 1.x? Do we have any conflicts there? |
yes, but I dont see the option. Please add the label. Thanks |
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
Signed-off-by: himsgupta1122 <hmsgupt@gmail.com>
…unset-value to 2.0.1 (#2640) (#2654) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1) Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com>
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-2640-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 68baac19664decd8b1cb0a35fa82ba0e9af4f658
# Push it to GitHub
git push --set-upstream origin backport/backport-2640-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.x Then, create a pull request where the |
…unset-value to 2.0.1 (opensearch-project#2640) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1)
…unset-value to 2.0.1 (opensearch-project#2640) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1)
…unset-value to 2.0.1 (#2640) (#2946) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1) Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com>
…unset-value to 2.0.1 (opensearch-project#2640) (opensearch-project#2946) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1) Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com> (cherry picked from commit 21a9e7f)
…unset-value to 2.0.1 (#2640) (#2946) (#2972) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> (cherry picked from commit 68baac1) Co-authored-by: himsgupta1122 <115103225+himsgupta1122@users.noreply.github.com> (cherry picked from commit 21a9e7f)
…unset-value to 2.0.1 (opensearch-project#2640) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
…unset-value to 2.0.1 (opensearch-project#2640) * Update CVE 2022-3517 minimatch to 3.0.5 * enforce unset-value to 2.0.1 * version semver update and combining changelogs * adding minimatch sub-dep resolution Signed-off-by: himsgupta1122 <hmsgupt@gmail.com> Signed-off-by: Arpit Bandejiya <abandeji@amazon.com>
Signed-off-by: himsgupta1122 hmsgupt@gmail.com
Description
IBM X-Force ID: 220063
CVE 2022-3517
Issues Resolved
[List any issues this PR will resolve]
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr