fix: Add chaijs/get-func-name resolution #7351
Follow-up: Bump ethereum-optimism then remove resolution
Ref: ethereum-optimism/optimism#7432 (review)
Vulnerability: GHSA-4q6p-r6v2-jvc5
Fix commit: chaijs/get-func-name@f934b22
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
LGTM!
No top level dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring:

Next steps

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
LGTM!
@SocketSecurity ignore get-func-name@2.0.2 nb: https://socket.dev/npm/package/get-func-name/issues/2.0.2?issue=unstableOwnership
Codecov Report
All modified lines are covered by tests ✅

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7351   +/-   ##
=======================================
  Coverage   34.60%   34.60%
=======================================
  Files        1017     1017
  Lines       27144    27144
  Branches     2205     2205
=======================================
  Hits         9393     9393
  Misses      17262    17262
  Partials      489      489

☔ View full report in Codecov by Sentry.
Remove stale lockfile resolution
Since removed package.json resolution
RE: https://github.com/MetaMask/metamask-mobile/pull/7351/files#r1340055974
Kudos, SonarCloud Quality Gate passed!
ah automation wins, could've merged instead 🙈 @dawnseeker8 I'll look out for our bots next time
Description
Fix CI: https://github.com/MetaMask/metamask-mobile/actions/runs/6331863392/job/17197486695
By adding a Yarn package.json lockfile resolution
Then once Merged we can remove the resolution and bump ethereum-optimism
Fixed in: chaijs/get-func-name@f934b22
Manual testing steps
yarn audit:ci
Related issues
Fixes GHSA-4q6p-r6v2-jvc5
Pre-merge author checklist
Pre-merge reviewer checklist
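
A check that could run alongside yarn audit:ci to confirm the resolution took effect, as an added example that is not code from this PR or from MetaMask: it parses Yarn v1 lockfile text and lists every get-func-name entry that does not resolve to the pinned version. The lockfile text is constructed, the function names are hypothetical, and pinning 2.0.2 is an assumption based on the version named in the Socket comment.

```javascript
// Added example, not code from the PR. The lockfile text below is constructed.
const SAMPLE_LOCK = `# yarn lockfile v1

chai@^4.3.4:
  version "4.3.7"
  dependencies:
    get-func-name "^2.0.0"

get-func-name@^2.0.0:
  version "2.0.0"

"get-func-name@^2.0.1", get-func-name@^2.0.2:
  version "2.0.2"
`;

// Package name of a descriptor; starting at index 1 keeps scoped names intact.
function nameOf(descriptor) {
  return descriptor.slice(0, descriptor.indexOf('@', 1));
}

// Parse Yarn v1 lockfile text into { descriptors, version } entries.
// A header is an unindented line ending in ":", e.g. "pkg@^1.0.0", pkg@~1.2.0:
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      const descriptors = line.slice(0, -1).split(',')
        .map((d) => d.trim().replace(/^"|"$/g, ''));
      current = { descriptors, version: null };
      entries.push(current);
    } else if (current) {
      const m = /^  version "?([^"\s]+)"?$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries for `name` whose resolved version differs from the pinned one.
function unpinnedEntries(lockText, name, pinned) {
  return parseYarnLockV1(lockText)
    .filter((e) => e.descriptors.some((d) => nameOf(d) === name))
    .filter((e) => e.version !== pinned);
}

// Assumption: the resolution pins 2.0.2, the version named in the thread.
const stale = unpinnedEntries(SAMPLE_LOCK, 'get-func-name', '2.0.2');
console.log(stale); // one entry: get-func-name@^2.0.0 still at 2.0.0
```

An empty result means every range for the package collapses to the pinned version; a non-empty one points at lockfile entries the resolution did not reach.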