Skip to content

Fixing package vulnerabilities for y18n and netmask#10765

Merged
ryanml merged 1 commit intodevelopfrom
netmask-y18n-vuln-fix
Mar 30, 2021
Merged

Fixing package vulnerabilities for y18n and netmask#10765
ryanml merged 1 commit intodevelopfrom
netmask-y18n-vuln-fix

Conversation

@ryanml
Copy link
Contributor

@ryanml ryanml commented Mar 30, 2021
edited
Loading

Manually resolving netmask to ^2.0.1, and y18n to ^4.0.1

Fixes: #10764

@ryanml ryanml requested a review from danjm March 30, 2021 00:41
@ryanml ryanml self-assigned this Mar 30, 2021
@ryanml ryanml requested a review from a team as a code owner March 30, 2021 00:41
@metamaskbot
Copy link
Collaborator

metamaskbot commented Mar 30, 2021

Builds ready [38dc376]
Page Load Metrics (555 ± 55 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint46825884
domContentLoaded36173755311455
load36273755511555
domInteractive36073655311455

danjm
danjm reviewed Mar 30, 2021
View reviewed changes
Gudahtt
Gudahtt requested changes Mar 30, 2021
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yarn resolutions are only necessary when we need to make an update that's not compatible with the range requested by the dependency. In this case, for y18n, all we need to do is update the lockfile to use 4.0.1, since the range asked for is ^4.0.0 which includes 4.0.1

@ryanml ryanml force-pushed the netmask-y18n-vuln-fix branch from 38dc376 to 8a45c6d Compare March 30, 2021 04:24
@github-actions
Copy link
Contributor

github-actions bot commented Mar 30, 2021

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@ryanml
Updating y18n and netmask to resolve dependency issues
44841a9 
netmask@1.0.6 -> 2.0.1, y18n@3.2.1 -> 3.2.2, y18n@4.0.0 -> 4.0.1
@ryanml ryanml dismissed a stale review via 44841a9 March 30, 2021 04:30
@ryanml ryanml force-pushed the netmask-y18n-vuln-fix branch from 8a45c6d to 44841a9 Compare March 30, 2021 04:30
@ryanml ryanml requested review from Gudahtt and danjm March 30, 2021 04:31
@ryanml
Copy link
Contributor Author

ryanml commented Mar 30, 2021

changes pushed

@metamaskbot
Copy link
Collaborator

metamaskbot commented Mar 30, 2021

Builds ready [44841a9]
Page Load Metrics (578 ± 55 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint467659105
domContentLoaded35177257611455
load35277357811455
domInteractive35177257611455

Gudahtt
Gudahtt approved these changes Mar 30, 2021
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ryanml ryanml merged commit e0b7d08 into develop Mar 30, 2021
@ryanml ryanml deleted the netmask-y18n-vuln-fix branch March 30, 2021 05:47
@github-actions github-actions bot locked and limited conversation to collaborators Mar 30, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Gudahtt Gudahtt Gudahtt approved these changes

@danjm danjm Awaiting requested review from danjm

+1 more reviewer

@DONALDSULLENDER DONALDSULLENDER DONALDSULLENDER left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ryanml ryanml

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

y18n, netmask dependency vulnerabilities

5 participants

@ryanml @metamaskbot @Gudahtt @danjm @DONALDSULLENDER