Skip to content

fix(web-scripts): resolve sec issues #1008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 15, 2022
Merged

fix(web-scripts): resolve sec issues #1008

merged 2 commits into from
Jul 15, 2022

Conversation

@danorel
Copy link
Contributor

@danorel danorel commented Jul 14, 2022
edited
Loading

Issue: #1007

@danorel danorel mentioned this pull request Jul 14, 2022
Closed
@kaimallea
Copy link
Contributor

kaimallea commented Jul 14, 2022

Hey @danorel, thanks for your PR! I will merge after tests pass

@kaimallea
Copy link
Contributor

kaimallea commented Jul 14, 2022

@danorel ah looks like yarn is expecting an updated yarn.lock; can you run yarn and commit the updated lock? Thanks!

@danorel
Copy link
Contributor Author

danorel commented Jul 14, 2022
edited
Loading

@kaimallea I've updated the yarn.lock file and provided a solution with yarn resolutions. Critical security issues with minimist had gone (in packages cz-conventional-changelog and commitizen).

Screenshot 2022-07-14 at 20 46 49

By the way, you can use this approach to resolve other high security issues.

@danorel
Copy link
Contributor Author

danorel commented Jul 14, 2022
edited
Loading

Actually, I provided solution, which resolves all security issues.
But surely, the tests should check, whether changes not crashed package compatibility :D

Screenshot 2022-07-14 at 20 55 34

@danorel danorel changed the title fix(web-scripts): resolve sec issue in commitizen, must use ^4.2.4 fix(web-scripts): resolve sec issues Jul 14, 2022
@kaimallea
Copy link
Contributor

kaimallea commented Jul 15, 2022

Looks good! And makes sense, using resolutions exactly what it was intended for. Thank you for taking the time to contribute this PR!

@kaimallea kaimallea merged commit 5be9fcf into spotify:master Jul 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kaimallea kaimallea kaimallea approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danorel @kaimallea