Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: dep vulnerability #7095

Merged
merged 1 commit into from
Oct 8, 2024
Merged

fix: dep vulnerability #7095

merged 1 commit into from
Oct 8, 2024

Conversation

AugustinMauroy
Copy link
Member

Description

GHSA ID: GHSA-593m-55hh-j8gv
Fixed manually because dependabot alert can't fix it.

Validation

Everithing should be allright

Related Issues

"Sentry SDK Prototype Pollution gadget in JavaScript SDKs"

Check List

  • I have read the Contributing Guidelines and made commit messages that follow the guideline.
  • I have run npm run format to ensure the code follows the style guide.
  • I have run npm run test to check if all tests are passing.
  • I have run npx turbo build to check if the website builds without errors.
  • NA I've covered new added functionality with unit tests if necessary.

@AugustinMauroy AugustinMauroy requested a review from a team as a code owner October 7, 2024 08:19
@vercel Vercel
Copy link

vercel bot commented Oct 7, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nodejs-org ✅ Ready (Inspect) Visit Preview Oct 7, 2024 8:19am

mikeesto
mikeesto approved these changes Oct 8, 2024
View reviewed changes
Copy link
Member

@mikeesto mikeesto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure why sentry was pinned as ~ but LGTM

@bmuenzenmeyer
Copy link
Collaborator

I'm not sure why sentry was pinned as ~ but LGTM

yes, caret seems appropriate per https://github.com/nodejs/nodejs.org/blob/main/DEPENDENCY_PINNING.md#when-pinning-dependencies

@bmuenzenmeyer bmuenzenmeyer added the github_actions:pull-request Trigger Pull Request Checks label Oct 8, 2024
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Oct 8, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2024
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 99 🟢 100 🟢 100 🟢 91 🔗
/en/about 🟢 100 🟢 100 🟢 96 🟢 91 🔗
/en/about/previous-releases 🟢 99 🟢 100 🟢 96 🟢 92 🔗
/en/download 🟢 100 🟢 100 🟢 100 🟢 91 🔗
/en/blog 🟢 100 🟢 100 🟢 100 🟢 92 🔗

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2024

Unit Test Coverage Report

Lines Statements Branches Functions
Coverage: 92%
 90.47% (589/651) 76.29% (177/232) 94.35% (117/124)

Unit Test Report

Tests Skipped Failures Errors Time
131 0 💤 0 ❌ 0 🔥 5.235s ⏱️

@bmuenzenmeyer
Copy link
Collaborator

all PRs need to be rebased it seems

@bmuenzenmeyer bmuenzenmeyer disabled auto-merge October 8, 2024 15:38
@bmuenzenmeyer bmuenzenmeyer merged commit 0b24ff7 into main Oct 8, 2024
13 of 15 checks passed
@bmuenzenmeyer bmuenzenmeyer deleted the fix-vulnerability branch October 8, 2024 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmuenzenmeyer bmuenzenmeyer bmuenzenmeyer approved these changes

@mikeesto mikeesto mikeesto approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AugustinMauroy @bmuenzenmeyer @mikeesto