Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove cookie support. #485

Merged
merged 2 commits into from
Jul 6, 2023
Merged

Conversation

astegmaier
Copy link

This addresses #483 and supersedes PR #484. There is a security vulnerability in the tough-cookie package for versions <4.3.1 - see https://nvd.nist.gov/vuln/detail/CVE-2023-26136. Previously @azure/ms-rest-js depended on ^3.0.0, which locked tough-cookie to an unsecure version.

After discussion with @xirzec, we concluded the right resolution was to remove the dependency entirely, similar to what was done in azure-sdk-for-js PR 24660, which was the model for this PR.

Testing

Build (npm run build) and tests (npm run test) continue to succeed with this upgrade.

Copy link
Member

@xirzec xirzec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@astegmaier can you bump the version in

msRestVersion: "2.6.6",
and in package.json, and add a Changelog.md entry?

That should be all that is needed to make the CI happy and allow us to release.

@astegmaier
Copy link
Author

@astegmaier can you bump the version in

msRestVersion: "2.6.6",

and in package.json, and add a Changelog.md entry?
That should be all that is needed to make the CI happy and allow us to release.

Done.

Copy link
Member

@xirzec xirzec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@xirzec xirzec merged commit d052744 into Azure:master Jul 6, 2023
@xirzec
Copy link
Member

xirzec commented Jul 6, 2023

@astegmaier 2.7.0 should be live now https://www.npmjs.com/package/@azure/ms-rest-js/v/2.7.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants