Fix high severity audit issues #5142

Merged
merged 4 commits into from
Oct 25, 2022

tommasini
Contributor

Description
Proposal for solving high sev audit issues blocking our release builds.

Proposed Solution
Added resolutions to our package.json for minimatch and glob; these packages were causing issues in these packages:

  • eslint
  • eslint-import-resolver-typescript
  • eslint-config-react-native
  • @lavamoat/allow-scripts
  • jest

Also, the react-native-reanimated library was updated from 2.2.3 to 2.10.0.
react-native-reanimated is used in these components:

  • Accordion
  • AccordionHeader
  • Toast
  • ButtonReveal
  • Drawer
  • Quote
  • AmountToBuy
  • GetQuotes
  • Fox
  • Notification
  • SimpleNotification
  • TransactionNotification
  • ReusableModal
  • Onboarding
  • testSetup

Test Cases

  • Ran all the tests with yarn jest
  • Ran the mobile app on iOS and Android
  • Tested sendFlow and MetaMask Test Dapp

Screenshots/Recordings
Audit high sev issues:

Issue

Progresses #???

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented
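
An added example, not code from this PR or its project: one way to confirm that resolutions like the ones described above cleared the high-severity findings, by parsing the line-delimited JSON that `yarn audit --json` emits. It assumes Yarn classic (v1) output; the function name and the sample advisories, IDs and paths are constructed for illustration.

```javascript
// Constructed sample of `yarn audit --json` output (Yarn classic emits one JSON
// object per line). IDs, paths and titles are made up for illustration.
const SAMPLE_AUDIT_OUTPUT = [
  '{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"eslint>minimatch"},"advisory":{"id":1001,"module_name":"minimatch","severity":"high","title":"constructed advisory A"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"jest>glob>minimatch"},"advisory":{"id":1001,"module_name":"minimatch","severity":"high","title":"constructed advisory A"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":1002,"path":"some-dev-tool>some-lib"},"advisory":{"id":1002,"module_name":"some-lib","severity":"moderate","title":"constructed advisory B"}}}',
  'not json: a stray warning line',
  '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":1,"high":2,"critical":0}}}',
].join('\n');

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Group advisories at or above `threshold` by vulnerable module, recording which
// top-level dependency pulls each one in (first segment of the "a>b>c" path).
function findBlockingAdvisories(ndjson, threshold = 'high') {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const byModule = new Map();
  for (const line of ndjson.split('\n')) {
    let event;
    try { event = JSON.parse(line); } catch { continue; } // skip non-JSON noise
    if (!event || event.type !== 'auditAdvisory') continue;
    const { advisory, resolution } = event.data || {};
    if (!advisory || !resolution) continue;
    const rank = SEVERITY_RANK[advisory.severity];
    if (rank === undefined || rank < min) continue;
    const entry = byModule.get(advisory.module_name) ||
      { module: advisory.module_name, severity: advisory.severity, roots: new Set(), paths: [] };
    if (rank > SEVERITY_RANK[entry.severity]) entry.severity = advisory.severity;
    entry.roots.add(String(resolution.path).split('>')[0]);
    entry.paths.push(resolution.path);
    byModule.set(advisory.module_name, entry);
  }
  return [...byModule.values()].map((e) => ({ ...e, roots: [...e.roots].sort() }));
}

// A release gate would exit non-zero when this list is non-empty.
const blocking = findBlockingAdvisories(SAMPLE_AUDIT_OUTPUT);
for (const b of blocking) {
  console.log(`${b.severity}: ${b.module} via ${b.roots.join(', ')}`);
}
```

Grouping by the first path segment shows which direct dependencies still pull in the flagged module, which is the list a `resolutions` entry has to cover.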

@tommasini tommasini requested a review from a team as a code owner October 24, 2022 14:18
@github-actions
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@tommasini tommasini marked this pull request as draft October 24, 2022 14:42
@tommasini tommasini changed the title Fix high severity audit issues [DRAFT] Fix high severity audit issues Oct 24, 2022
@tommasini tommasini changed the title [DRAFT] Fix high severity audit issues Fix high severity audit issues Oct 24, 2022
@tommasini tommasini marked this pull request as ready for review October 24, 2022 15:55
@tommasini tommasini added the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Oct 24, 2022
Member

@rickycodes rickycodes left a comment

LGTM

@Fatxx Fatxx added the needs-qa Any New Features that needs a full manual QA prior to being added to a release. label Oct 24, 2022
@cortisiko cortisiko added QA Passed A successful QA run through has been done and removed needs-qa Any New Features that needs a full manual QA prior to being added to a release. labels Oct 25, 2022
Member

@cortisiko cortisiko left a comment

I did not run into any issues. 👍 on my end

@cortisiko cortisiko added release-5.10.0 and removed needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) labels Oct 25, 2022
@tommasini tommasini merged commit 3dadcb6 into main Oct 25, 2022
@tommasini tommasini deleted the fix/yarn-audit-sev-high branch October 25, 2022 18:10
@github-actions github-actions bot locked and limited conversation to collaborators Oct 25, 2022
Labels
QA Passed A successful QA run through has been done release-5.10.0
4 participants