🐛 Update to rrule 2.6.2 to Fix DoS Vulnerabilities #23063

Merged
merged 4 commits into from Jun 27, 2019

Contributor

@PatOnTheBack PatOnTheBack commented Jun 27, 2019

This fixes a [high severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72455).
This also fixes a [medium severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72421).
@googlebot

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@PatOnTheBack PatOnTheBack changed the title Update to rrule 2.6.2 to Fix DoS Vulnerabilities 🐛 Update to rrule 2.6.2 to Fix DoS Vulnerabilities Jun 27, 2019
@PatOnTheBack
Contributor Author

I signed it!

@googlebot

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

@jridgewell
Contributor

/cc @cvializ

@@ -28,7 +28,7 @@
"promise-pjs": "1.1.3",
"prop-types": "15.7.2",
"react-dates": "15.5.3",
"rrule": "2.2.0",
"rrule": "2.6.2",
Contributor

@rsimha rsimha Jun 27, 2019

This needs an accompanying change to yarn.lock. You can generate it by running yarn.

Contributor Author

@rsimha I tried running yarn, but it did not work properly in my local environment.

Am I supposed to set up my own Travis CI environment or run the command locally on my computer?

Is there a way someone else can run yarn to modify my PR?

Contributor

Assigned this to @cvializ

@cvializ
Contributor

cvializ commented Jun 27, 2019

Did the git-fu to add yarn.lock

@PatOnTheBack
Contributor Author

I never tried git-fu. I tried gulp update-packages and also just yarn. Neither worked.

@cvializ
Contributor

cvializ commented Jun 27, 2019

Ah sorry, I was unclear. I meant I did the git commands to check out your branch, run yarn, and commit and push the yarn.lock change. You'd have to share what the output was when it didn't work for me to help you, but the lockfile is committed now.

@cvializ
Contributor

cvializ commented Jun 27, 2019

@rsimha PTAL

Contributor

@rsimha rsimha left a comment

LGTM. Thanks for sending out this PR, @PatOnTheBack. And thanks for seeing it through, @cvializ!

@jridgewell jridgewell merged commit 3d86761 into ampproject:master Jun 27, 2019
@PatOnTheBack PatOnTheBack deleted the patch-1 branch June 28, 2019 00:58
zhouyx pushed a commit that referenced this pull request Jul 2, 2019
* Update to rrule 2.6.2 to Fix Vulnerabilities

This fixes a [high severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72455).
This also fixes a [medium severity DoS vulnerability found by Snyk](https://app.snyk.io/vuln/SNYK-JS-RRULE-72421).

* Add yarn.lock

* Skip flaky sidebar e2e in shadow-demo
thekorn pushed a commit to edelight/amphtml that referenced this pull request Sep 11, 2019