Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update serve packages flagged by snyk #673

Closed
wants to merge 3 commits into from
Closed

Update serve packages flagged by snyk #673

wants to merge 3 commits into from

Conversation

jaffrepaul
Copy link
Contributor

No description provided.

@jaffrepaul jaffrepaul marked this pull request as draft December 15, 2022 23:34
This was referenced Dec 15, 2022
Closed
Closed
Closed
Closed
Closed
Closed
@jaffrepaul jaffrepaul changed the title Update packages flagged by snyk Update serve packages flagged by snyk Dec 16, 2022
@MikeMcC399
Copy link
Collaborator

MikeMcC399 commented Dec 19, 2022
edited
Loading

Hi @jaffrepaul

I noticed there is a breaking change in serve v13 which changes the default port from 5000 to 3000. Any tests previously relying on the default 5000 would need to add the parameter -p 5000 to the serve command line in the corresponding package.json.

start-and-yarn-workspaces examples are using yarn so they would need the yarn.lock updating. They currently have yarn classic v1 lock files.

(I checked, and major projects, like React and Angular are also still using yarn classic.)

@MikeMcC399
Copy link
Collaborator

@jaffrepaul

Just to check that my assessment was right, I ended up fixing the issues here, so if you'd like a PR piggy-backed on your draft PR please let me know.

Here are the differences:
update-snyk-deps...MikeMcC399:github-action:fix/update-snyk-deps

@MikeMcC399 MikeMcC399 mentioned this pull request Dec 23, 2022
Merged
@MikeMcC399
Copy link
Collaborator

I've submitted PR #682 to fix this one. My PR fails the snyk security check. I don't know why though, since I can't view the details, not being a member of the cypress-io organization.

@MikeMcC399 MikeMcC399 mentioned this pull request Dec 27, 2022
Closed
@jaffrepaul jaffrepaul force-pushed the update-snyk-deps branch 3 times, most recently from 1b8854f to 3805150 Compare January 4, 2023 20:35
@MikeMcC399
Copy link
Collaborator

@jaffrepaul

@MikeMcC399
Copy link
Collaborator

I suggest you also revert 3805150 with the ineffective whitelisting.

@jaffrepaul
Copy link
Contributor Author

Thanks @MikeMcC399 adding it to the whitelist was a simple prayer in the interest of time. Appreciate the follow up here!

@jaffrepaul jaffrepaul marked this pull request as ready for review January 5, 2023 19:30
@jaffrepaul jaffrepaul closed this Jan 5, 2023
@jaffrepaul jaffrepaul deleted the update-snyk-deps branch January 5, 2023 19:37
@jaffrepaul jaffrepaul mentioned this pull request Jan 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jaffrepaul @MikeMcC399