-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Upgrade express
dependency
#2036
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2036 +/- ##
==========================================
+ Coverage 39.20% 42.33% +3.13%
==========================================
Files 146 172 +26
Lines 4857 5525 +668
Branches 1164 1360 +196
==========================================
+ Hits 1904 2339 +435
- Misses 2939 3071 +132
- Partials 14 115 +101
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're still pulling in 4.18.2 as a dependency with this change.
$ curl -s 'https://cachito.engineering.redhat.com/api/v1/requests/1559257' | jq -r '.packages[].dependencies[]| select(.name == "express")'
{
"dev": false,
"name": "express",
"replaces": null,
"type": "npm",
"version": "4.18.2"
}
{
"dev": false,
"name": "express",
"replaces": null,
"type": "npm",
"version": "4.19.2"
}
17e1ff5
to
8664495
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Successful downstream scratch build with this change.
$ curl -s 'https://cachito.engineering.redhat.com/api/v1/requests/1559286' | jq -r '.packages[].dependencies[]| select(.name == "express")'
{
"dev": false,
"name": "express",
"replaces": null,
"type": "npm",
"version": "4.19.2"
}
{
"dev": true, # <-- devDependency, no concerns
"name": "express",
"replaces": null,
"type": "npm",
"version": "4.18.2"
}
Resolves: https://issues.redhat.com/browse/MTA-2934 Resolve security issues for the `express` dependency across the workspaces and as a dependency of a dependency. Signed-off-by: Scott J Dickerson <[email protected]>
Note to self: This PR needs to be manually backported to release-0.2 since the cherry-pick bot doesn't go back that far. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even better 😎
Thanks, @sjd78 !
/lgtm
$ curl -s 'https://cachito.engineering.redhat.com/api/v1/requests/1559440' | jq -r '.packages[].dependencies[]| select(.name == "express")'
{
"dev": false,
"name": "express",
"replaces": null,
"type": "npm",
"version": "4.19.2"
}
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Backport-of: konveyor#2036 Resolves: https://issues.redhat.com/browse/MTA-2934 Resolve security issues for the `express` dependency across the workspaces and as a dependency of a dependency. Signed-off-by: Scott J Dickerson <[email protected]>
Backport-of: konveyor#2036 Resolves: https://issues.redhat.com/browse/MTA-2934 Resolve security issues for the `express` dependency across the workspaces and as a dependency of a dependency. Signed-off-by: Scott J Dickerson <[email protected]>
Backport-of: konveyor#2036 Resolves: https://issues.redhat.com/browse/MTA-2934 Resolve security issues for the `express` dependency across the workspaces and as a dependency of a dependency. Signed-off-by: Scott J Dickerson <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson <[email protected]> Signed-off-by: Cherry Picker <[email protected]>
Backport-of: #2036 Resolves: https://issues.redhat.com/browse/MTA-2934 Resolve security issues for the `express` dependency across the workspaces and as a dependency of a dependency. Signed-off-by: Scott J Dickerson <[email protected]>
Resolves: https://issues.redhat.com/browse/MTA-2934
Upgrade the
express
dependency in the server workspace to resolve security issues.