Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: bump dependencies to resolve security issues #169

Merged
merged 3 commits into from
Oct 13, 2020
Merged

fix: bump dependencies to resolve security issues #169

merged 3 commits into from
Oct 13, 2020

Conversation

magicmatatjahu
Copy link
Member

@magicmatatjahu magicmatatjahu commented Oct 13, 2020
edited
Loading

Description

Changes proposed in this pull request:

Related issue(s)
Resolves #168

@magicmatatjahu magicmatatjahu added the dependencies Pull requests that update a dependency file label Oct 13, 2020
@magicmatatjahu magicmatatjahu mentioned this pull request Oct 13, 2020
Closed
derberg
derberg reviewed Oct 13, 2020
View reviewed changes
.github/workflows/release.yml Outdated
@@ -37,6 +37,11 @@ jobs:
GIT_COMMITTER_NAME: asyncapi-bot
GIT_COMMITTER_EMAIL: info@asyncapi.io
run: npm run release
# Sleep for 10 seconds before using latest version in playground, because sometimes NPM needs additional few seconds to `save` package in registry
- name: Sleep for 10 seconds
uses: jakejarvis/wait-action@master
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please use something different, this action looks nifty but as you can see it is always fetched from master 😱 which is super unsecure. Unfortunately the user doesn't seem to provide regular professional releases

why not just sleep 30s && npm install @kyma-project/asyncapi-react@${{ steps.extractver.outputs.version }} -s in the playground step?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you are right, I changed it to sleep 10 && ...

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@magicmatatjahu magicmatatjahu merged commit 86d2ad0 into asyncapi:master Oct 13, 2020
@magicmatatjahu magicmatatjahu deleted the update-deps branch October 13, 2020 17:08
@asyncapi-bot
Copy link
Contributor

🎉 This PR is included in version 0.14.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derberg derberg derberg approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Address XSS vulnerability in dompurify by updating dependency
3 participants
@magicmatatjahu @asyncapi-bot @derberg