Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Remove shell-quote resolution #8820

Merged
merged 1 commit into from
Mar 4, 2024
Merged

chore: Remove shell-quote resolution #8820

merged 1 commit into from
Mar 4, 2024

Conversation

Gudahtt
Copy link
Member

@Gudahtt Gudahtt commented Mar 1, 2024

Description

This resolution was added in #4559 to resolve a security advisory, but it was needed then due to another dependency that was pinned on a vulnerable version of this package (v1.6.1). We don't have that in our dependency tree anymore, so we aren't asking for the vulnerable version and we no longer need the resolution. Effectively this resolution was just holding this package back, preventing further updates.

Related issues

N/A

Manual testing steps

N/A

Screenshots/Recordings

N/A

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've clearly explained what problem this PR is solving and how it is solved.
  • I've linked related issues
  • I've included manual testing steps
  • I've included screenshots/recordings if applicable
  • I’ve included tests if applicable
  • I’ve documented my code using JSDoc format if applicable
  • I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
  • I’ve properly set the pull request status:
    • In case it's not yet "ready for review", I've set it to "draft".
    • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@Gudahtt Gudahtt added needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) team-mobile-platform Run Smoke E2E Triggers smoke e2e on Bitrise labels Mar 1, 2024
@Gudahtt Gudahtt marked this pull request as ready for review March 1, 2024 22:38
@Gudahtt Gudahtt requested a review from a team as a code owner March 1, 2024 22:38
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 1, 2024
edited by metamaskbot
Loading

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 4c27572
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/529a842d-df87-4e89-9465-f59c943dac27

Note

  • You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch 2 times, most recently from eb7beec to 0bbd390 Compare March 4, 2024 14:05
Cal-L
Cal-L approved these changes Mar 4, 2024
View reviewed changes
Copy link
Contributor

@Cal-L Cal-L left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch from 0bbd390 to d469468 Compare March 4, 2024 16:20
@Gudahtt
chore: Remove shell-quote resolution
ff14603 
This resolution was added in #4559 to resolve a security advisory, but
it was needed then due to another dependency that was pinned on a
vulnerable verison of this package (v1.6.1). We don't have that in our
dependency tree anymore, so we aren't asking for the vulnerable version
and we no longer need the resolution. Effectively this resolution was
just holding this package back, preventing further updates.
@Gudahtt Gudahtt force-pushed the remove-shell-quote-resolution branch from d469468 to ff14603 Compare March 4, 2024 17:26
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/shell-quote@1.8.0 None 0 42.6 kB ljharb

🚮 Removed packages: npm/shell-quote@1.7.3

View full report↗︎

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Mar 4, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@Gudahtt Gudahtt merged commit 7b0956e into main Mar 4, 2024
28 of 29 checks passed
@Gudahtt Gudahtt deleted the remove-shell-quote-resolution branch March 4, 2024 17:40
@github-actions github-actions bot locked and limited conversation to collaborators Mar 4, 2024
@github-actions github-actions bot removed the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Mar 4, 2024
@metamaskbot metamaskbot added the release-7.19.0 Issue or pull request that will be included in release 7.19.0 label Mar 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Cal-L Cal-L Cal-L approved these changes

Assignees
No one assigned
Labels
release-7.19.0 Issue or pull request that will be included in release 7.19.0 Run Smoke E2E Triggers smoke e2e on Bitrise team-mobile-platform
Projects
PR review queue
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Gudahtt @Cal-L @metamaskbot