fix: update node deps due to vulns (#583)
### **PR Type**
Bug fix, Dependencies


___

### **Description**
- Removed `GHSA-952p-6rrq-rcjv` from the allowlist in `audit-ci.jsonc`.
- Added new dependency overrides in `package.json` for `cookie`,
`elliptic`, and `cross-spawn` to address vulnerabilities.
- Updated `pnpm-lock.yaml` to reflect the new versions of `cookie`,
`elliptic`, and `cross-spawn`, and removed older versions of these and
other dependencies.



___



### **Changes walkthrough** 📝
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Bug
fix</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>audit-ci.jsonc</strong><dd><code>Remove specific
vulnerability from allowlist</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

audit-ci.jsonc

- Removed `GHSA-952p-6rrq-rcjv` from the allowlist.



</details>


  </td>
<td><a
href="https://github.com/nhost/hasura-auth/pull/583/files#diff-4ede69da2a1704e53e08b8d647a315c202f037cc9277f16c94176d9622d261c6">+0/-1</a>&nbsp;
&nbsp; &nbsp; </td>

</tr>
</table></td></tr><tr><td><strong>Dependencies</strong></td><td><table>
<tr>
  <td>
    <details>
<summary><strong>package.json</strong><dd><code>Add new dependency
overrides for security</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
</dd></summary>
<hr>

package.json

<li>Added new dependency overrides for <code>cookie</code>,
<code>elliptic</code>, and <code>cross-spawn</code>.<br>


</details>


  </td>
<td><a
href="https://github.com/nhost/hasura-auth/pull/583/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519">+4/-1</a>&nbsp;
&nbsp; &nbsp; </td>

</tr>

<tr>
  <td>
    <details>
<summary><strong>pnpm-lock.yaml</strong><dd><code>Update dependencies to
address vulnerabilities</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary>
<hr>

pnpm-lock.yaml

<li>Updated versions for <code>cookie</code>, <code>elliptic</code>, and
<code>cross-spawn</code>.<br> <li> Removed older versions of
<code>cookie</code>, <code>cross-spawn</code>, and other
dependencies.<br> <br>


</details>


  </td>
<td><a
href="https://github.com/nhost/hasura-auth/pull/583/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bb">+25/-93</a>&nbsp;
</td>

</tr>
</table></td></tr></tbody></table>

___

> 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull
request to receive relevant information
dbarrosop authored Nov 18, 2024
1 parent a199f4e commit d8fbbcf
Showing 3 changed files with 29 additions and 95 deletions.
1 change: 0 additions & 1 deletion audit-ci.jsonc
Expand Up @@ -3,6 +3,5 @@
"$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
"moderate": true,
"allowlist": [
"GHSA-952p-6rrq-rcjv"
]
}
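Review bot: with "GHSA-952p-6rrq-rcjv" dropped, the "allowlist" array is empty and "moderate": true now gates CI on every moderate-or-higher advisory, yet neither this hunk nor the description says which package the advisory belonged to or which bump resolves it. State that in the commit message so the removal can be checked against the lockfile, and since the file is JSONC, give any future allowlist entry a comment naming the affected package and the reason it is tolerated.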
5 changes: 4 additions & 1 deletion package.json
Expand Up @@ -179,7 +179,10 @@
"elliptic@>=5.2.1 <=6.5.6": ">=6.5.7",
"micromatch@<4.0.8": ">=4.0.8",
"send@<0.19.0": ">=0.19.0",
"dset@<3.1.4": ">=3.1.4"
"dset@<3.1.4": ">=3.1.4",
"cookie@<0.7.0": ">=0.7.0",
"elliptic@<6.6.0": ">=6.6.0",
"cross-spawn@<7.0.5": ">=7.0.5"
}
}
}
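Review bot: the new "elliptic@<6.6.0": ">=6.6.0" override overlaps the existing "elliptic@>=5.2.1 <=6.5.6": ">=6.5.7" entry at the top of this hunk, so the same elliptic versions now match two rules with different targets. Remove the older entry so only the 6.6.0 floor remains. The three added targets are also open-ended (">=0.7.0", ">=6.6.0", ">=7.0.5"), which lets the resolver jump to a later major; consider bounding them (for example "^7.0.5" for cross-spawn) if dependents expect the current major.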
118 changes: 25 additions & 93 deletions pnpm-lock.yaml

Some generated files are not rendered by default.
