Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: override nested dependencies to fix vulnerabilities #6375

Merged
merged 2 commits into from
Feb 24, 2024
Merged

security: override nested dependencies to fix vulnerabilities #6375

merged 2 commits into from
Feb 24, 2024

Conversation

ptyin
Copy link
Member

@ptyin ptyin commented Feb 23, 2024
edited
Loading

  • I have registered the PR changes.

Ⅰ. Describe what this PR did

To fix console-fe vulnerabilities, I override nested dependencies to safe versions.

Ⅱ. Does this pull request fix one issue?

This PR aims to fix following CVEs.
image

@ptyin ptyin changed the title optimize: bump @alicloud/console-components and extract subprojects to fix vulnerabilities [WIP] optimize: bump @alicloud/console-components and extract subprojects to fix vulnerabilities Feb 23, 2024
@ptyin ptyin force-pushed the optimize/console-vulnerability branch from 8d70559 to dafa8df Compare February 24, 2024 09:46
@ptyin ptyin changed the title [WIP] optimize: bump @alicloud/console-components and extract subprojects to fix vulnerabilities optimize: override nested dependencies to fix vulnerabilities Feb 24, 2024
@codecov-commenter
Copy link

codecov-commenter commented Feb 24, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.44%. Comparing base (a866c2d) to head (d167d49).
Report is 1 commits behind head on 2.x.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##                2.x    #6375      +/-   ##
============================================
+ Coverage     52.40%   52.44%   +0.03%     
- Complexity     5245     5246       +1     
============================================
  Files           924      924              
  Lines         32066    32066              
  Branches       3833     3833              
============================================
+ Hits          16805    16816      +11     
+ Misses        13608    13596      -12     
- Partials       1653     1654       +1

see 4 files with indirect coverage changes

@ptyin ptyin changed the title optimize: override nested dependencies to fix vulnerabilities security: override nested dependencies to fix vulnerabilities Feb 24, 2024
liuqiufeng
liuqiufeng approved these changes Feb 24, 2024
View reviewed changes
Copy link
Contributor

@liuqiufeng liuqiufeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@liuqiufeng liuqiufeng merged commit 3c98058 into apache:2.x Feb 24, 2024
6 checks passed
@slievrly slievrly added this to the 2.1.0 milestone Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liuqiufeng liuqiufeng liuqiufeng approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@ptyin @codecov-commenter @liuqiufeng @slievrly