Upgrade lodash version to 4.17.12+ for helix-rest#1081

Merged
narendly merged 1 commit into apache:master from narendly:lodash
Jun 10, 2020
@narendly
Contributor

Issues

  • My PR addresses the following Helix issues and references them in the PR description:

Fixes #1080

Description

  • Here are some details about my PR, including screenshots of any UI changes:

There was a security vulnerability found in older versions of lodash. This commit upgrades it to a version containing the fix. For details, see https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/

Tests

  • The following tests are written for this issue:

No tests needed

  • The following is the result of the "mvn test" command on the appropriate module:

mvn build on helix-front module

[INFO] 
[INFO] --- maven-bundle-plugin:3.5.0:bundle (default-bundle) @ helix-front ---
[INFO] 
[INFO] --- maven-site-plugin:3.2:attach-descriptor (attach-descriptor) @ helix-front ---
[INFO] 
[INFO] >>> maven-source-plugin:2.2.1:jar (attach-sources) > generate-sources @ helix-front >>>
[INFO] 
[INFO] <<< maven-source-plugin:2.2.1:jar (attach-sources) < generate-sources @ helix-front <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:2.2.1:jar (attach-sources) @ helix-front ---
[INFO] Building jar: /home/hulee/mp/helix3/helix-front/target/helix-front-1.0.1-SNAPSHOT-sources.jar
[INFO] 
[INFO] --- exec-maven-plugin:1.6.0:exec (Unpack assembly) @ helix-front ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  09:55 min
[INFO] Finished at: 2020-06-10T11:28:09-07:00
[INFO] ------------------------------------------------------------------------

Commits

  • My commits all reference appropriate Apache Helix GitHub issues in their subject lines. In addition, my commits follow the guidelines from "How to write a good git commit message":
    1. Subject is separated from body by a blank line
    2. Subject is limited to 50 characters (not including Jira issue reference)
    3. Subject does not end with a period
    4. Subject uses the imperative mood ("add", not "adding")
    5. Body wraps at 72 characters
    6. Body explains "what" and "why", not "how"

Documentation (Optional)

  • In case of new functionality, my PR adds documentation in the following wiki page:

(Link the GitHub wiki you added)

Code Quality

  • My diff has been formatted using helix-style.xml
    (helix-style-intellij.xml if IntelliJ IDE is used)

@narendly narendly merged commit f07f9e4 into apache:master Jun 10, 2020
huizhilu pushed a commit to huizhilu/helix that referenced this pull request Aug 16, 2020
There was a security vulnerability found in older versions of lodash. This commit upgrades it to a version containing the fix. For details, see https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/
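
A lockfile scan is one way to confirm that no copy of lodash below the 4.17.12 floor named in this PR remains, including copies pulled in transitively. This is an added example, not code from the PR or from Apache Helix; it assumes the standard npm lockfile layouts (v1 nested `dependencies`, v2/v3 flat `packages`), and the sample lockfile and the package name `legacy-charts` are constructed.

```javascript
// Added example: flag lodash copies in an npm lockfile older than 4.17.12.
const MIN_LODASH = [4, 17, 12];

// "4.17.11" -> [4, 17, 11]; null for git URLs, tarball paths and the like.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBelow(version, floor) {
  const v = parseVersion(version);
  if (!v) return true; // cannot verify, so report it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false;
}

// Returns [{ path, version }] for every lodash entry below the floor.
function findOldLodash(lock) {
  const hits = [];
  if (lock.packages) { // lockfile v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/lodash$/.test(path) && isBelow(meta.version, MIN_LODASH)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // Lockfile v1: transitive copies are nested under the package that needs them.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'lodash' && isBelow(meta.version, MIN_LODASH)) {
        hits.push({ path: path.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample, not helix-front's real lockfile; "legacy-charts" is made up.
const sampleLock = { lockfileVersion: 1, dependencies: {
  lodash: { version: '4.17.15' },
  'legacy-charts': { version: '1.2.0', dependencies: { lodash: { version: '4.17.11' } } },
} };
console.log(findOldLodash(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findOldLodash`; an empty array means every lodash entry is at or above the floor.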
Development

Successfully merging this pull request may close these issues.

Need to upgrade lodash in helix-front for security vulnerability