Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: upgrade superagent to resolve potential CVE #9494

Merged
merged 1 commit into from May 24, 2022
Merged

fix: upgrade superagent to resolve potential CVE #9494

merged 1 commit into from May 24, 2022

Conversation

alexmt
Copy link
Collaborator

@alexmt alexmt commented May 23, 2022

Signed-off-by: Alexander Matyushentsev AMatyushentsev@gmail.com

PR upgrades superagent to resolve https://security.snyk.io/vuln/SNYK-JS-FORMIDABLE-2838956

Additionally removes no longer required superagent-promise and @types/superagent packages

@crenshaw-dev
Copy link
Collaborator

Nice. Want to go ahead and remove the ignore rule in .snyk? That'd let us catch if a future change re-introduces the vulnerability.

snyk test --org=argoproj --all-projects --exclude=docs,site --policy-path=.snyk --severity-threshold=high to make sure the change removed all vulnerable paths.

@crenshaw-dev
Copy link
Collaborator

Oh lol this was never merged #9470

Closing in favor of this one.

@crenshaw-dev crenshaw-dev mentioned this pull request May 23, 2022
Merged
@alexmt
Copy link
Collaborator Author

alexmt commented May 23, 2022

Thanks for noticing @crenshaw-dev !

@alexmt
fix: upgrade superagent to resolve potential CVE
cdeae5d 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@alexmt
Copy link
Collaborator Author

alexmt commented May 23, 2022

Ops, had to re-add @types/superagent - it is still required. @crenshaw-dev can you please take a look one more time.

@codecov
Copy link

codecov bot commented May 23, 2022

Codecov Report

Merging #9494 (cdeae5d) into master (1b6275a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #9494   +/-   ##
=======================================
  Coverage   45.71%   45.71%           
=======================================
  Files         221      221           
  Lines       26289    26289           
=======================================
  Hits        12019    12019           
  Misses      12610    12610           
  Partials     1660     1660

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1b6275a...cdeae5d. Read the comment docs.

rbreeze
rbreeze approved these changes May 24, 2022
View reviewed changes
Copy link
Member

@rbreeze rbreeze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@alexmt alexmt merged commit df13d96 into argoproj:master May 24, 2022
@alexmt alexmt deleted the upgrade-superagent branch May 24, 2022 05:00
crenshaw-dev pushed a commit that referenced this pull request Jan 10, 2023
@alexmt @crenshaw-dev
fix: upgrade superagent to resolve potential CVE (#9494)
d11ee71 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@crenshaw-dev
Copy link
Collaborator

Cherry-picked onto release-2.4 to simplify cherry-pick of #11743

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbreeze rbreeze rbreeze approved these changes

@crenshaw-dev crenshaw-dev Awaiting requested review from crenshaw-dev

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@alexmt @crenshaw-dev @rbreeze