Fix the vulnerability in the yaml NPM package #3640

Merged, 1 commit, Apr 25, 2023

opudrovs commented Apr 25, 2023

Closes #3637

  • Upgraded the yaml package to version 2.2.2 to resolve the vulnerability, reported by Snyk.

  • Added an alias for the yaml package in package.json to resolve the ReferenceError happening in v2.2.2 with the default import. Parcel chokes on mixed types of exports (probably where export all/export with rename are mixed, as stated in the following issue: "$78fb23f46eb09f80$exports is not defined", parcel-bundler/parcel#8792).

  • Updated the @docusaurus package and its dependencies. Added a custom resolution for yaml v2.2.2 to website subdependencies.

Tested:

  • Tested it in Tilt with regular mode and in the FAST_AND_FURIOUSER mode.
  • Also ran npm run build to make sure it builds successfully.
  • Ran the documentation with yarn start.

Testing:
To test it, run the app in Tilt and make sure that there are no errors displayed in the browser console in general or on object detail pages when displaying YAML views.
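
A lockfile check for the custom resolution described in the PR description above, as an added example that is not code from this pull request or the project. It assumes a yarn.lock in v1 format and treats any `yaml` copy below 2.2.2 as needing the upgrade (the page does not give the affected range); both sample lockfiles and the package `example-plugin` are constructed.

```javascript
// Added example: list every resolved copy of a package in a yarn.lock (v1)
// that sits below a required floor. Sample lockfiles are constructed;
// "example-plugin" is a hypothetical package.
const sampleLock = (yamlEntries) => `# yarn lockfile v1

"example-plugin@^1.0.0":
  version "1.0.0"
  dependencies:
    yaml "^1.10.0"

yaml-loader@^0.8.0:
  version "0.8.0"

${yamlEntries}`;
const LOCK_BEFORE = sampleLock(
  'yaml@^1.10.0, yaml@^1.7.2:\n  version "1.10.2"\n\nyaml@^2.2.2:\n  version "2.2.2"\n');
// Assumed effect of a forced resolution: all yaml ranges share one entry.
const LOCK_AFTER = sampleLock(
  'yaml@^1.10.0, yaml@^1.7.2, yaml@^2.2.2:\n  version "2.2.2"\n');

// Parse entry headers (unindented lines ending in ":") and their version field.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith("#")) {
      const patterns = line.slice(0, -1).split(/,\s*/)
        .map((p) => p.replace(/^"|"$/g, ""));
      current = { patterns, version: null };
      entries.push(current);
    } else if (current) {
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}
// True when version < floor; a pre-release of the floor itself sorts below it.
function isBelow(version, floor) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = floor.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return version.includes("-");
}
// Match on the exact package name so yaml-loader is not mistaken for yaml.
function findStaleCopies(lockText, pkg, floor) {
  return parseYarnLock(lockText)
    .filter((e) => e.patterns.some((p) => p.slice(0, p.indexOf("@", 1)) === pkg))
    .filter((e) => e.version === null || isBelow(e.version, floor));
}
console.log(findStaleCopies(LOCK_BEFORE, "yaml", "2.2.2"));
```

Run against the real lockfile in CI, a non-empty result means a transitive dependency still pulls in an older copy that the direct upgrade did not reach.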

@opudrovs added the bug (Something isn't working) label Apr 25, 2023
@opudrovs force-pushed the 3637-fix-yaml-vulnerability branch from 71f4c06 to 20f159c April 25, 2023 01:25
…ity, reported by Snyk.

Add an alias for the `yaml` package in `package.json` to resolve the ReferenceError happening in v2.2.2 with the default import.

Update the `@docusaurus` package and its dependencies.
@opudrovs force-pushed the 3637-fix-yaml-vulnerability branch from 20f159c to 809dd09 April 25, 2023 01:33
@opudrovs marked this pull request as ready for review April 25, 2023 02:37
@opudrovs requested review from chanwit and foot April 25, 2023 02:37
@foot left a comment

💯

foot commented Apr 25, 2023

Great PR description btw 👌

opudrovs commented

@foot thank you! 🌞

@opudrovs merged commit 5ba7954 into main Apr 25, 2023
@opudrovs deleted the 3637-fix-yaml-vulnerability branch April 25, 2023 10:32