Upgrade: Debug 4.0.1 > 4.3.2 #14892

Merged
merged 8 commits into from Aug 10, 2021

Contributor

@sandeshvijayraj sandeshvijayraj commented Aug 6, 2021

Prerequisites checklist

What is the purpose of this pull request? (put an "X" next to an item)

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add auto fixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[X] Other, please explain:

What changes did you make? (Give an overview)

The Debug libraries < 4.1.1 are considered to be vulnerable. A project having vulnerability scanners is getting blocked due to this vulnerable library inside eslint. The eslint consumer may not have a way to override sub-libraries. The fix can be done in the core repo only.

The MR just updates the Debug library specified in package.json dependencies to the latest 4.3 version.

Is there anything you'd like reviewers to focus on?

I ran the test specified in your project and it seems to be fine, but you can still test that the MR has no issues.
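
A lockfile check for the situation this pull request describes (a copy of debug below 4.1.1 installed underneath another package), as an added example that is not part of the PR or of ESLint's code. `findOutdated`, `isBelow` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Floor taken from the PR description: debug releases below 4.1.1 are flagged.
const FLOOR = [4, 1, 1];

// "4.0.1" -> [4, 0, 1]; prerelease/build suffixes are ignored in this sketch.
function parseVersion(v) {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
    return m ? m.slice(1).map(Number) : null;
}

function isBelow(v, floor = FLOOR) {
    const p = parseVersion(v);
    if (!p) return false;
    for (let i = 0; i < 3; i++) {
        if (p[i] !== floor[i]) return p[i] < floor[i];
    }
    return false;
}

// Every installed copy of `name` below the floor, with the packages it is nested under.
function findOutdated(lock, name = "debug", floor = FLOOR) {
    const hits = [];
    if (lock.packages) {
        // lockfileVersion 2/3: flat map keyed by install path.
        for (const [path, meta] of Object.entries(lock.packages)) {
            const chain = path.split("node_modules/").filter(Boolean).map(s => s.replace(/\/$/, ""));
            if (chain[chain.length - 1] === name && isBelow(meta.version, floor)) {
                hits.push({ version: meta.version, chain });
            }
        }
        return hits;
    }
    // lockfileVersion 1: nested "dependencies" tree.
    (function walk(deps, chain) {
        for (const [dep, meta] of Object.entries(deps || {})) {
            const here = chain.concat(dep);
            if (dep === name && isBelow(meta.version, floor)) hits.push({ version: meta.version, chain: here });
            walk(meta.dependencies, here);
        }
    })(lock.dependencies, []);
    return hits;
}

// Constructed sample lockfile (not from the PR): a hoisted copy and one nested under eslint.
const sampleLock = { lockfileVersion: 2, packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/debug": { version: "4.3.2" },
    "node_modules/eslint/node_modules/debug": { version: "4.0.1" }
} };

console.log(findOutdated(sampleLock).map(h => `${h.chain.join(" > ")}@${h.version}`));
```

A nested hit such as `eslint > debug` is the case the description calls out: the copy sits under the parent package's own `node_modules`, so bumping the top-level dependency does not replace it.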

@eslint-github-bot eslint-github-bot bot added the triage An ESLint team member will look at this issue soon label Aug 6, 2021

eslint-github-bot bot commented Aug 6, 2021

Hi @sandeshvijayraj!, thanks for the Pull Request

The first commit message isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.

  • The commit message tag must be one of the following:

    The Tag is one of the following:

    • Fix - for a bug fix.
    • Update - either for a backwards-compatible enhancement or for a rule change that adds reported problems.
    • New - implements a new feature.
    • Breaking - for a backwards-incompatible enhancement or feature.
    • Docs - changes to documentation only.
    • Build - changes to build process only.
    • Upgrade - for a dependency upgrade.
    • Chore - for anything that isn't user-facing (for example, refactoring, adding tests, etc.).

    You can use the labels of the issue you are working on to determine the best tag.

  • There should be a space following the initial tag and colon, for example 'New: Message'.

Read more about contributing to ESLint here


eslint-github-bot bot commented Aug 6, 2021

Hi @sandeshvijayraj!, thanks for the Pull Request

The pull request title isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.

  • The commit message tag must be one of the following:

    The Tag is one of the following:

    • Fix - for a bug fix.
    • Update - either for a backwards-compatible enhancement or for a rule change that adds reported problems.
    • New - implements a new feature.
    • Breaking - for a backwards-incompatible enhancement or feature.
    • Docs - changes to documentation only.
    • Build - changes to build process only.
    • Upgrade - for a dependency upgrade.
    • Chore - for anything that isn't user-facing (for example, refactoring, adding tests, etc.).

    You can use the labels of the issue you are working on to determine the best tag.

  • There should be a space following the initial tag and colon, for example 'New: Message'.

Read more about contributing to ESLint here

@sandeshvijayraj sandeshvijayraj changed the title from "Updated debug library version to avoid vulnerabilities scan error" to "Upgrade: Updated debug library version to avoid vulnerabilities scan error" Aug 6, 2021

eslint-github-bot bot commented Aug 6, 2021

Hi @sandeshvijayraj!, thanks for the Pull Request

The pull request title isn't properly formatted. We ask that you update the message to match this format, as we use it to generate changelogs and automate releases.

  • The length of the commit message must be less than or equal to 72

Read more about contributing to ESLint here

@sandeshvijayraj sandeshvijayraj changed the title from "Upgrade: Updated debug library version to avoid vulnerabilities scan error" to "Upgrade: Debug 4.0.1 > 4.3.2" Aug 6, 2021
Member

@mdjermanovic mdjermanovic left a comment

@sandeshvijayraj thanks for the PR!

Can you please sign our CLA so we could merge this?

@mdjermanovic mdjermanovic added accepted There is consensus among the team that this change meets the criteria for inclusion upgrade This change is related to a dependency upgrade and removed triage An ESLint team member will look at this issue soon labels Aug 6, 2021
Contributor Author

sandeshvijayraj commented Aug 6, 2021

@mdjermanovic

I did sign it, and when I open it, it shows me as signed. Not sure why it's not updating here. Do I have to do any more steps?

Member

mdjermanovic commented Aug 6, 2021

Contributor

@snitin315 snitin315 left a comment

LGTM, thanks for contributing.

Contributor

snitin315 commented Aug 7, 2021

Note to the merger -

While merging make sure to remove Co-authored-by: Sandesh.Bafna@cimpress.com <sandesh.bafna@cimpress.com> from the commit description, as CLA is not signed with this email.

nzakas approved these changes Aug 10, 2021
@nzakas nzakas merged commit 62c6fe7 into eslint:master Aug 10, 2021
13 checks passed
Member

nzakas commented Aug 10, 2021

Thanks @snitin315

bmish added a commit to bmish/eslint that referenced this pull request Aug 11, 2021
* master:
  Chore: Add rel/abs path tests in `no-restricted-{imports/modules}` rules (eslint#14910)
  Upgrade: Debug 4.0.1 > 4.3.2 (eslint#14892)
  Chore: add assertions on reporting location in `semi` (eslint#14899)
  Fix: no-useless-computed-key edge cases with class fields (refs eslint#14857) (eslint#14903)
  Upgrade: `js-yaml` to v4 (eslint#14890)
  Fix: prefer-destructuring PrivateIdentifier false positive (refs eslint#14857) (eslint#14897)
  Fix: dot-notation false positive with private identifier (refs eslint#14857) (eslint#14898)
  Sponsors: Sync README with website
  Sponsors: Sync README with website
  Docs: improve rule details for `no-console` (fixes eslint#14793) (eslint#14901)
  Update: check class fields in no-extra-parens (refs eslint#14857) (eslint#14906)
  Docs: add class fields in no-multi-assign documentation (refs eslint#14857) (eslint#14907)
  Docs: add class fields in func-names documentation (refs eslint#14857) (eslint#14908)
  Upgrade: `eslint-visitor-keys` to v3 (eslint#14902)
  Upgrade: `markdownlint` dev dependencies (eslint#14883)
  Upgrade: @humanwhocodes/config-array to 0.6 (eslint#14891)
  Chore: Specify Node 14.x for Verify Files CI job (eslint#14896)
@eslint-github-bot eslint-github-bot bot locked and limited conversation to collaborators Feb 7, 2022
@eslint-github-bot eslint-github-bot bot added the archived due to age This issue has been archived; please open a new issue for any further discussion label Feb 7, 2022