-
-
Notifications
You must be signed in to change notification settings - Fork 658
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
task: Use make-fetch-happen #1500
task: Use make-fetch-happen #1500
Conversation
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/unleash-team/unleash-docs/53iZXAoTi62v71H88V13g8b7YSjh |
@@ -99,11 +96,11 @@ | |||
"js-yaml": "^4.1.0", | |||
"knex": "1.0.4", | |||
"log4js": "^6.0.0", | |||
"make-fetch-happen": "^10.1.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:npm/make-fetch-happen@10.1.2
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/minimatch@3.0.4
CRITICAL Vulnerabilities (1)
[sonatype-2021-4879] Unknown
minimatch - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sonatype-lift ignore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore
.
@@ -5048,6 +5209,28 @@ make-error@1.x, make-error@^1.1.1: | |||
resolved "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz" | |||
integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== | |||
|
|||
make-fetch-happen@^10.1.2: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:npm/make-fetch-happen@10.1.2
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/minimatch@3.0.4
CRITICAL Vulnerabilities (1)
[sonatype-2021-4879] Unknown
minimatch - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
Coverage report
Show files with reduced coverage 🔻
Test suite run success860 tests passing in 124 suites. Report generated by 🧪jest coverage report action from b6d5758 |
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
@@ -99,11 +96,11 @@ | |||
"js-yaml": "^4.1.0", | |||
"knex": "1.0.4", | |||
"log4js": "^6.0.0", | |||
"make-fetch-happen": "^10.1.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:npm/make-fetch-happen@10.1.2
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/minimatch@3.0.4
CRITICAL Vulnerabilities (1)
[sonatype-2021-4879] Unknown
minimatch - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
@@ -5048,6 +5209,28 @@ make-error@1.x, make-error@^1.1.1: | |||
resolved "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz" | |||
integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== | |||
|
|||
make-fetch-happen@^10.1.2: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:npm/make-fetch-happen@10.1.2
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:npm/minimatch@3.0.4
CRITICAL Vulnerabilities (1)
[sonatype-2021-4879] Unknown
minimatch - Regular Expression Denial of Service (ReDoS)
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
36485bc
to
b6d5758
Compare
So we've had a couple of issues left hanging, one is that our http client usage for addons doesn't actually return the retried response (it does retry, but keeps the original response).
This PR switches to npm/make-fetch-happen, and replaces jest-node-fetch with nock to mock the http endpoints. Personally I find the tests to be more readable now, and we can now support retries the correct way.