Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Manual Backport 1.3] [CVE-2020-36632] Bumps flat from 4.1.1 to 5.0.2 #3520

Merged
merged 1 commit into from
Mar 6, 2023

Conversation

ZilongX
Copy link
Collaborator

@ZilongX ZilongX commented Mar 3, 2023

Description

Issues Resolved

Resolved #3167

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
    • yarn test:ftr
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Signed-off-by: Zilong Xia <zilongx@amazon.com>
@ZilongX ZilongX added cve Security vulnerabilities detected by Dependabot or Mend v1.3.9 labels Mar 3, 2023
@ZilongX ZilongX requested a review from a team March 3, 2023 20:16
@codecov-commenter
Copy link

Codecov Report

Merging #3520 (f04a513) into 1.3 (ddd7f50) will decrease coverage by 0.05%.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##              1.3    #3520      +/-   ##
==========================================
- Coverage   67.49%   67.44%   -0.05%     
==========================================
  Files        3044     3044              
  Lines       58694    58694              
  Branches     8902     8902              
==========================================
- Hits        39613    39589      -24     
- Misses      16932    16952      +20     
- Partials     2149     2153       +4     
Flag Coverage Δ
Linux 67.44% <ø> (ø)
Windows ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/dev/build/lib/get_build_number.ts 57.14% <0.00%> (-42.86%) ⬇️
packages/osd-cross-platform/src/path.ts 48.83% <0.00%> (-37.21%) ⬇️
...ges/osd-apm-config-loader/src/config.test.mocks.ts 91.30% <0.00%> (-8.70%) ⬇️
src/dev/build/lib/config.ts 79.41% <0.00%> (-5.89%) ⬇️
src/setup_node_env/harden/child_process.js 84.61% <0.00%> (-3.85%) ⬇️
...ic/application/models/sense_editor/sense_editor.ts 64.88% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@ZilongX
Copy link
Collaborator Author

ZilongX commented Mar 3, 2023

    ✓ reads config from a file, returns an instance of Config class
    ✓ merges setting overrides into log
    ✓ supports loading config files from within config files
    ✓ throws if settings are invalid


  412 passing (8s)

✨  Done in 15.62s.`

All Mocha test cases are passed all good on Local btw.

Remote check seems good as well as all checks passed.

@joshuarrrr
Copy link
Member

ignoring whitesource failure

@joshuarrrr joshuarrrr merged commit e671dc0 into opensearch-project:1.3 Mar 6, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/backport-1.x
# Create a new branch
git switch --create backport/backport-3520-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e671dc0f5fdaf033bded4e336cb10681d7902fcf
# Push it to GitHub
git push --set-upstream origin backport/backport-3520-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-3520-to-1.x.

@joshuarrrr
Copy link
Member

Manually backported to 1.x for consistency

joshuarrrr pushed a commit that referenced this pull request Mar 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cve Security vulnerabilities detected by Dependabot or Mend v1.3.9
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants