override semver (to 7.5.4) in package.json #1372

Closed
wants to merge 3 commits into from

Conversation

ishtails
Contributor

@ishtails ishtails commented Aug 4, 2023

What kind of change does this PR introduce?
bugfix

Issue Number:
fixes #1360

Did you add tests for your changes?
No

Snapshots/Videos:
NA

If relevant, did you update the documentation?
NA

Summary
Overrode semver in package.json to the latest 7.5.4 version to fix semver being vulnerable to Regular Expression Denial of Service, as stated in #1360.

Does this PR introduce a breaking change?
Not sure

Other information
NA

Have you read the contributing guide?
Yes

@github-actions

github-actions bot commented Aug 4, 2023

Our Pull Request Approval Process

We have these basic policies to make the approval process smoother for our volunteer team.

Testing Your Code

Please make sure your code passes all tests. Our test code coverage system will fail if these conditions occur:

  1. The overall code coverage drops below the target threshold of the repository
  2. Any file in the pull request has code coverage levels below the repository threshold
  3. Merge conflicts

The process helps maintain the overall reliability of the code base and is a prerequisite for getting your PR approved. Assigned reviewers regularly review the PR queue and tend to focus on PRs that are passing.

Reviewers

When your PR has been assigned reviewers, contact them to get your code reviewed and approved via:

  1. comments in this PR or
  2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

  1. arbitrators of future discussions with other contributors about the validity of your changes
  2. point of contact for evaluating the validity of your work
  3. person who verifies matching issues by others that should be closed.
  4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

  1. PRs with issues not assigned to you will be closed by the reviewer
  2. Fix the first comment in the PR so that each issue listed automatically closes

Other

  1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
  2. Read the CONTRIBUTING.md file make

@palisadoes
Contributor

Please refer to the CONTRIBUTING.md file on how to auto-close issues when the PR is merged. This is important.

@ishtails
Contributor Author

ishtails commented Aug 5, 2023

I have edited my message to include "fixes #1360" and also fixed the workflow error.

@codecov

codecov bot commented Aug 6, 2023

Codecov Report

Merging #1372 (b565b17) into develop (c0468a4) will not change coverage.
Report is 2 commits behind head on develop.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #1372   +/-   ##
========================================
  Coverage    98.17%   98.17%           
========================================
  Files          184      184           
  Lines        10767    10767           
  Branches       835      835           
========================================
  Hits         10571    10571           
  Misses         186      186           
  Partials        10       10           


@palisadoes
Contributor

  1. Are you sure you rebuilt the packages after doing this upgrade?
  2. Dependabot says there are package dependencies that need to be upgraded too. Please review.
  3. We would have done the upgrade automatically if we could. This is why we created the manual issue.


@ishtails
Contributor Author

ishtails commented Aug 6, 2023

I am a little unsure whether manually updating the version of semver in all the dependent packages is how it should be done. Let me know if there is a more standard way of doing this. For now, I have added a commit with manual version changes.

@palisadoes
Contributor

This is not correct. Please upgrade the dependencies rather than manually editing the dependency's dependencies. If there is no solution using this method, then let us know.
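
The disagreement above is about where the fix belongs. The nested copies of semver in the lockfile exist because specific direct dependencies require old ranges of it, so those direct dependencies are what should be bumped (followed by a reinstall so the lockfile and node_modules are regenerated); hand-editing the lockfile is undone by the next install, and an `overrides` entry in package.json is the fallback for when no fixed upstream release exists yet. The script below is an added example, not code from this PR or its repository. It walks a lockfile v2/v3 `packages` map the way Node resolves `require`, finds every copy of a named package below a minimum version (7.5.4 here, the version the PR chose), and reports which direct dependency owns each copy, the same question `npm ls semver` answers. The lockfile contents, the package names `tool-a`, `tool-b`, `helper` and `@scope/inner`, and their versions are constructed for the example.

```javascript
// Find every copy of a package in an npm lockfile (v2/v3 "packages" map) that is
// older than a minimum version, and report which direct dependency pulls it in.
// Added example; the lockfile below is constructed, not taken from any project.
"use strict";

// Parse "major.minor.patch" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when `v` is strictly lower than `min`, comparing each segment numerically
// (so "7.10.0" is not below "7.5.4", which a string comparison would get wrong).
function isBelow(v, min) {
  const a = parseVersion(v), b = parseVersion(min);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Node-style resolution inside the lockfile: from the package at `fromPath`, try
// `<fromPath>/node_modules/<name>`, then drop one nesting level at a time until
// the hoisted top-level `node_modules/<name>` is reached. Returns null if absent.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    // Strip the trailing "node_modules/<pkg>" (scoped or not) to go up one level.
    base = base.replace(/\/?node_modules\/(@[^/]+\/)?[^/]+$/, "");
  }
}

// The first segment under the root: the direct dependency that owns this subtree.
function topLevelOwner(pkgPath) {
  const m = /^node_modules\/(@[^/]+\/[^/]+|[^/]+)/.exec(pkgPath);
  return m ? m[1] : null;
}

// Build { [directDependency]: [{ via, path, version }] } for every dependency edge
// that resolves to a copy of `name` below `minVersion`. The keys are what to upgrade.
function findVulnerableCopies(lock, name, minVersion) {
  const packages = lock.packages;
  const report = {};
  for (const [pkgPath, meta] of Object.entries(packages)) {
    const deps = { ...(meta.dependencies || {}), ...(meta.optionalDependencies || {}) };
    if (!(name in deps)) continue;
    const resolved = resolveDep(packages, pkgPath, name);
    if (!resolved) continue;
    const version = packages[resolved].version;
    if (!isBelow(version, minVersion)) continue;
    // pkgPath "" is the project itself: it pins an old copy in its own package.json.
    const owner = pkgPath === "" ? "(root package.json)" : topLevelOwner(pkgPath);
    if (!report[owner]) report[owner] = [];
    report[owner].push({ via: pkgPath || "(root)", path: resolved, version });
  }
  return report;
}

// Fallback for when an owner has no fixed release yet: an `overrides` block for
// package.json, scoped to the offending direct dependency so that already-current
// copies elsewhere in the tree are left alone. A root-level pin is overridden flat.
function overridesFor(report, name, version) {
  const overrides = {};
  for (const owner of Object.keys(report)) {
    if (owner === "(root package.json)") overrides[name] = version;
    else overrides[owner] = { [name]: version };
  }
  return { overrides };
}

// Constructed sample lockfile: a current hoisted semver plus two stale nested copies.
const SAMPLE_LOCK = {
  name: "example-app", lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "tool-a": "^1.0.0", "tool-b": "^2.0.0", semver: "^7.5.4" } },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/tool-a": { version: "1.0.0", dependencies: { semver: "^5.7.1", helper: "^1.0.0" } },
    "node_modules/tool-a/node_modules/semver": { version: "5.7.1" },
    "node_modules/helper": { version: "1.0.0", dependencies: { semver: "^7.0.0" } },
    "node_modules/tool-b": { version: "2.0.0", dependencies: { "@scope/inner": "^1.0.0" } },
    "node_modules/tool-b/node_modules/@scope/inner": { version: "1.0.0", dependencies: { semver: "^6.0.0" } },
    "node_modules/tool-b/node_modules/semver": { version: "6.3.0" },
  },
};

// Stand-alone use: node find-old-dep.js [package-lock.json] [name] [minVersion]
if (typeof require !== "undefined" && require.main === module) {
  const [lockPath, name = "semver", minVersion = "7.5.4"] = process.argv.slice(2);
  const lock = lockPath ? JSON.parse(require("fs").readFileSync(lockPath, "utf8")) : SAMPLE_LOCK;
  const report = findVulnerableCopies(lock, name, minVersion);
  console.log(JSON.stringify(report, null, 2));
  console.log(JSON.stringify(overridesFor(report, name, minVersion), null, 2));
}
```

Each key in the report is a direct dependency to upgrade (a bumped range in package.json or `npm update <name>`, then a fresh install so the lockfile and node_modules are rebuilt rather than edited by hand); `overridesFor` produces the scoped `overrides` fallback for owners that have no fixed release. The flat threshold is a simplification: an advisory may list a separate fixed release for each major line, which `npm audit` honours and this check does not, so a patched 5.x or 6.x backport would still be flagged here.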

@ishtails
Contributor Author

I'm not sure how else to go about it...

@github-actions

This pull request did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please verify it has no conflicts with the develop branch and rebase if needed. Mention it now if you need help or give permission to other people to finish your work.

@github-actions github-actions bot added the no-pr-activity No pull request activity label Aug 28, 2023
@palisadoes
Contributor

Closing due to inactivity

@palisadoes palisadoes closed this Sep 6, 2023
Labels
no-pr-activity No pull request activity
Development

Successfully merging this pull request may close these issues.

semver vulnerable to Regular Expression Denial of Service
2 participants