-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x #3455
Conversation
c02d4de
to
7e207dd
Compare
7e207dd
to
52dbc78
Compare
…der to 10.4.1 in 2.x Bump node-sass to 7.0.3 and sass-loader to 10.4.1 Issue Resolved: opensearch-project#1067 opensearch-project#1842 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
52dbc78
to
9ffec31
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) | |||
- [CVE-2022-25860] Bump simple-git from 3.15.1 to 3.16.0 ([#3345](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345)) | |||
- [CVE-2020-36632] [REQUIRES PLUGIN VALIDATION] Bump flat from 4.1.1 to 5.0.2 ([#3419](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3419)). To the best of our knowledge, this is a non-breaking change, but if your plugin relies on `mocha` tests, validate that they still work correctly (and plan to migrate them to `jest` [in preparation for `mocha` deprecation](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1572). | |||
- [CVE-2023-25166] Bump formula from 3.0.0 to 3.0.1 ([#3416](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3416)) | |||
- [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455)) | |
- [CVE-2022-25758][CVE-2020-24025] Bump node-sass from 6.0.1 to 7.0.3 and sass-loader from 10.2.1 to 10.4.1 ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455)) |
Looks like the only breaking change in that node-sass bump is sass/node-sass#3149 (via https://github.com/sass/node-sass/releases/tag/v7.0.0). @ananzh Do you think we need an extra warning for plugin devs in the CHANGELOG? I don't know enough about how that breaking change would actually manifest itself. |
I think see risks from quick glance but I think it is better to warn plugins. |
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## 2.x #3455 +/- ##
==========================================
- Coverage 66.53% 66.48% -0.06%
==========================================
Files 3203 3203
Lines 61397 61397
Branches 9453 9453
==========================================
- Hits 40853 40821 -32
- Misses 18288 18315 +27
- Partials 2256 2261 +5
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
Description
Bump node-sass to 7.0.3 and sass-loader to 10.4.1
More analysis:
#1842 (comment)
Issues Resolved
#1067
#1842
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr