Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Fix Component Governance alert for nconf #4213

Merged
merged 1 commit into from
Apr 29, 2022

Conversation

BruceHaley
Copy link
Contributor

@BruceHaley BruceHaley commented Apr 29, 2022

Fixes #4188

Description

Branch main has 2 code governance alerts with high severity or above:

  • minimist 1.2.5 severity: critical
  • nconf 0.11.2 severity: high

This fixes nconf. minimist requires a new release of orchestrator-core. (That release is ready to go.)

Specific Changes

Bump nconf to 0.11.4.
Update dependency @microsoft/orchestrator-core to latest: 4.14.3.
Update yarn.lock to match changes.

Cleanup and infrastructure tweak:
Drop an irrelevant package-lock.json file.
Add Component Detection to streaming E2E tests pipeline.

@BruceHaley BruceHaley requested a review from a team as a code owner April 29, 2022 01:59
@BruceHaley BruceHaley requested a review from tracyboehrer April 29, 2022 01:59
@BruceHaley BruceHaley added the Automation: No parity PR does not need to be applied to other languages. label Apr 29, 2022
@BruceHaley BruceHaley changed the title fix: Component Governance alert for nconf chore: Fix Component Governance alert for nconf Apr 29, 2022
@coveralls
Copy link

coveralls commented Apr 29, 2022

Pull Request Test Coverage Report for Build 2242940179

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.8%) to 84.482%

Totals Coverage Status
Change from base Build 2241464822: 0.8%
Covered Lines: 19909
Relevant Lines: 22316

💛 - Coveralls

@tracyboehrer tracyboehrer merged commit 4a2ddb1 into main Apr 29, 2022
@tracyboehrer tracyboehrer deleted the bruce/cgalertfixes4-28 branch April 29, 2022 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Automation: No parity PR does not need to be applied to other languages.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security Vulnerability with adal-node dependency in botframework-connector
3 participants