Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix normalize-url vulnerability #16375

Merged
merged 1 commit into from Jun 11, 2021
Merged

Conversation

@bbovenzi
Copy link
Contributor

@bbovenzi bbovenzi commented Jun 10, 2021

Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054


^ Add meaningful description above

Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.

@ashb ashb added this to the Airflow 2.1.1 milestone Jun 10, 2021
kaxil
kaxil approved these changes Jun 10, 2021
@github-actions
Copy link

@github-actions github-actions bot commented Jun 10, 2021

The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease.

Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054
@kaxil kaxil force-pushed the fix-yarn-package-vulnerability branch from 09cda43 to bea24b2 Jun 10, 2021
@ashb ashb merged commit 70bf1b1 into apache:main Jun 11, 2021
29 of 30 checks passed
@ashb ashb deleted the fix-yarn-package-vulnerability branch Jun 11, 2021
jhtimmins added a commit to astronomer/airflow that referenced this issue Jun 15, 2021
Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054

(cherry picked from commit 70bf1b1)
ashb added a commit that referenced this issue Jun 22, 2021
Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054

(cherry picked from commit 70bf1b1)
kaxil added a commit to astronomer/airflow that referenced this issue Jun 22, 2021
Update two packages that used a highly vulnerable version of normalize-url

See facebook/create-react-app#11054

(cherry picked from commit 70bf1b1)
(cherry picked from commit b578120)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants