Bumps grunt from v1.4.1 to v1.5.2 #1451

Merged
merged 1 commit into from
Apr 18, 2022

Conversation

tmarkley
Contributor

Description

Issues Resolved

Resolves #1450

Check List

  • New functionality includes testing.
    • All tests pass
      • yarn test:jest
      • yarn test:jest_integration
      • yarn test:ftr
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

@tmarkley tmarkley added dependencies Pull requests that update a dependency file v2.0.0 cve Security vulnerabilities detected by Dependabot or Mend backport 1.x backport 1.3 v1.3.2 labels Apr 13, 2022
@tmarkley tmarkley requested a review from a team as a code owner April 13, 2022 17:14
Member

@kavilla kavilla left a comment

Does this have any conflicts with plugins?

@tmarkley
Contributor Author

Does this have any conflicts with plugins?

How should we be confirming that? There are no breaking changes in the changelog, but if even a patch bump like #1439 causes issues then we'd have to assume any changes to dependencies could cause conflicts with plugins.

@tmarkley tmarkley dismissed kavilla’s stale review April 15, 2022 16:37

We need to merge these CVE PRs in for RC1 to address any breaking changes.

@ananzh
Member

ananzh commented Apr 15, 2022

If there is a risk to break plugins, shall we point it to this issue and pin plugin owners? Is there a way to keep them updated?

@tmarkley
Contributor Author

If there is a risk to break plugins, shall we point it to this issue and pin plugin owners? Is there a way to keep them updated?

@ananzh I just added details there. We can address required changes as they are found.

@tmarkley tmarkley requested a review from kavilla April 15, 2022 17:10
ashwin-pc
ashwin-pc previously approved these changes Apr 15, 2022
ananzh
ananzh previously approved these changes Apr 15, 2022
Member

@ananzh ananzh left a comment

LGTM

* Addresses CVE-2022-0436.
* [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG)

Resolves opensearch-project#1450

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@tmarkley tmarkley merged commit cef9e61 into opensearch-project:main Apr 18, 2022
@opensearch-trigger-bot
Contributor

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.x 1.x
# Navigate to the new working tree
cd .worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-1451-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 cef9e61e4ead72cb0b5abb88991213b45a0f9801
# Push it to GitHub
git push --set-upstream origin backport/backport-1451-to-1.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-1451-to-1.x.

@opensearch-trigger-bot
Contributor

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-1451-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 cef9e61e4ead72cb0b5abb88991213b45a0f9801
# Push it to GitHub
git push --set-upstream origin backport/backport-1451-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-1451-to-1.3.

tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this pull request Apr 28, 2022
tmarkley pushed a commit that referenced this pull request Apr 29, 2022
* Addresses CVE-2022-0436.
* [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG)

Resolves #1450

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@tmarkley tmarkley deleted the grunt branch April 29, 2022 18:28
Labels
backport 1.3 cve Security vulnerabilities detected by Dependabot or Mend dependencies Pull requests that update a dependency file v1.3.2 v2.0.0
Development

Successfully merging this pull request may close these issues.

CVE-2022-0436 (High) detected in grunt-1.4.1.tgz
5 participants