Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin path-to-regexp #1925

Merged
merged 1 commit into from
Sep 24, 2024
Merged

Pin path-to-regexp #1925

merged 1 commit into from
Sep 24, 2024

Conversation

GilbertCherrie
Copy link
Member

Update sinon to ~19.0.2 and pinned path-to-regexp to 0.1.10 to ensure we are using either the latest version of path-to-regexp or a version with patched vulnerabilities.

Fryguy
Fryguy reviewed Sep 16, 2024
View reviewed changes
package.json
"nth-check": "^2.1.1"
"nth-check": "^2.1.1",
"express/path-to-regexp": "0.1.10",
"sinon": "~19.0.2"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this resolution for sinon if we've updated the dependency?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bardjs uses sinon version 18 which doesn't use the latest version of path-to-regexp. So had to pin sinon to ensure the latest version is used for this.

Fryguy
Fryguy reviewed Sep 16, 2024
View reviewed changes
package.json Outdated Show resolved Hide resolved
Fryguy
Fryguy reviewed Sep 24, 2024
View reviewed changes
package.json Outdated Show resolved Hide resolved
@GilbertCherrie GilbertCherrie force-pushed the update_path_to_regexp branch 3 times, most recently from af64374 to f1d7438 Compare September 24, 2024 20:09
@Fryguy
Copy link
Member

Fryguy commented Sep 24, 2024

I think you accidentaly removed the yarn.lock changes from this PR

@GilbertCherrie
Copy link
Member Author

I think you accidentaly removed the yarn.lock changes from this PR

Yeah, it should be fixed now

@miq-bot
Copy link
Member

miq-bot commented Sep 24, 2024

Checked commit GilbertCherrie@90e6a13 with ruby 3.1.5, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🏆

@Fryguy Fryguy merged commit 8147608 into ManageIQ:master Sep 24, 2024
3 checks passed
@GilbertCherrie GilbertCherrie deleted the update_path_to_regexp branch September 24, 2024 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fryguy Fryguy Fryguy approved these changes

Assignees

@Fryguy Fryguy

Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@GilbertCherrie @Fryguy @miq-bot