fix: upgrade qs to avoid CVE-2022-24999 #11743
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Codecov Report
Base: 47.30% // Head: 47.30% // No change to project coverage 👍

Additional details and impacted files

@@ Coverage Diff @@
## master #11743 +/- ##
=======================================
Coverage   47.30%   47.30%
=======================================
Files         243      243
Lines       41525    41525
=======================================
Hits        19644    19644
Misses      19907    19907
Partials     1974     1974
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Not much information, I have to trust the functional test.
Thanks!
* fix: upgrade qs to avoid CVE-2022-24999
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* don't explicitly add dependency
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Only the 2.6 cherry pick worked. I'll open new PR(s) for <=2.5.0.
Managed to apply the change to release-2.5 and release-2.4.
I'm going to leave this off 2.3 since it's going EOL very soon, and I'm concerned my questionable conflict resolution will cause regressions.
* fix: upgrade qs to avoid CVE-2022-24999
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* don't explicitly add dependency
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: emirot <emirot.nolan@gmail.com>
* fix: upgrade qs to avoid CVE-2022-24999
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* don't explicitly add dependency
  Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: schakrad <chakradari.sindhu@gmail.com>
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist: