Skip to content

chore: Remove shell-quote resolution#8820

Merged
Gudahtt merged 1 commit into
mainfrom
remove-shell-quote-resolution
Mar 4, 2024
Merged

chore: Remove shell-quote resolution#8820
Gudahtt merged 1 commit into
mainfrom
remove-shell-quote-resolution

Conversation

@Gudahtt

@Gudahtt Gudahtt commented Mar 1, 2024

Copy link
Copy Markdown
Member

Description

This resolution was added in #4559 to resolve a security advisory, but it was needed then due to another dependency that was pinned on a vulnerable version of this package (v1.6.1). We don't have that in our dependency tree anymore, so we aren't asking for the vulnerable version and we no longer need the resolution. Effectively this resolution was just holding this package back, preventing further updates.

Related issues

N/A

Manual testing steps

N/A

Screenshots/Recordings

N/A

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've clearly explained what problem this PR is solving and how it is solved.
  • I've linked related issues
  • I've included manual testing steps
  • I've included screenshots/recordings if applicable
  • I’ve included tests if applicable
  • I’ve documented my code using JSDoc format if applicable
  • I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
  • I’ve properly set the pull request status:
    • In case it's not yet "ready for review", I've set it to "draft".
    • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@Gudahtt Gudahtt added needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) team-mobile-platform Mobile Platform team Run Smoke E2E labels Mar 1, 2024
@Gudahtt Gudahtt marked this pull request as ready for review March 1, 2024 22:38
@Gudahtt Gudahtt requested a review from a team as a code owner March 1, 2024 22:38
@github-actions

github-actions Bot commented Mar 1, 2024
edited by metamaskbot
Loading

Copy link
Copy Markdown
Contributor

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 4c27572
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/529a842d-df87-4e89-9465-f59c943dac27

Note

  • You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch 2 times, most recently from eb7beec to 0bbd390 Compare March 4, 2024 14:05
Cal-L
Cal-L approved these changes Mar 4, 2024
View reviewed changes

@Cal-L Cal-L left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch from 0bbd390 to d469468 Compare March 4, 2024 16:20
@Gudahtt
chore: Remove shell-quote resolution
ff14603 
This resolution was added in #4559 to resolve a security advisory, but
it was needed then due to another dependency that was pinned on a
vulnerable verison of this package (v1.6.1). We don't have that in our
dependency tree anymore, so we aren't asking for the vulnerable version
and we no longer need the resolution. Effectively this resolution was
just holding this package back, preventing further updates.
@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch from d469468 to ff14603 Compare March 4, 2024 17:26
@socket-security

socket-security Bot commented Mar 4, 2024

Copy link
Copy Markdown

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/shell-quote@1.8.0 None 0 42.6 kB ljharb

🚮 Removed packages: npm/shell-quote@1.7.3

View full report↗︎

@sonarqubecloud

sonarqubecloud Bot commented Mar 4, 2024

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@Gudahtt Gudahtt merged commit 7b0956e into main Mar 4, 2024
@Gudahtt Gudahtt deleted the remove-shell-quote-resolution branch March 4, 2024 17:40
@github-actions github-actions Bot locked and limited conversation to collaborators Mar 4, 2024
@github-actions github-actions Bot removed the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Mar 4, 2024
@metamaskbot metamaskbot added the release-7.19.0 Issue or pull request that will be included in release 7.19.0 label Mar 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Cal-L Cal-L Cal-L approved these changes

Assignees

No one assigned

Labels

release-7.19.0 Issue or pull request that will be included in release 7.19.0 team-mobile-platform Mobile Platform team

Projects

PR review queue
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Gudahtt @Cal-L @metamaskbot