Chore: Fix CVE-2021-3918 #51745

Merged
merged 1 commit into from Jul 6, 2022

jackw
Contributor

@jackw jackw commented Jul 5, 2022

What this PR does / why we need it:
This PR aims to fix a critical vulnerability reported in json-schema which appears to be a nested dependency of blink-diff used by the snapshot testing feature of @grafana/e2e.

```
yarn why json-schema -R
├─ @grafana/e2e@workspace:packages/grafana-e2e
│  ├─ blink-diff@npm:1.0.13 (via npm:1.0.13)
│  │  └─ pngjs-image@npm:0.11.7 (via npm:~0.11.5)
│  │     └─ request@npm:2.88.2 (via npm:^2.55.0)
│  │        └─ http-signature@npm:1.2.0 (via npm:~1.2.0)
│  │           └─ jsprim@npm:1.4.1 (via npm:^1.2.2)
│  │              └─ json-schema@npm:0.2.3 (via npm:0.2.3)
│  └─ cypress@npm:9.5.1 (via npm:9.5.1)
│     └─ @cypress/request@npm:2.88.10 (via npm:^2.88.10)
│        └─ http-signature@npm:1.3.6 (via npm:~1.3.6)
│           └─ jsprim@npm:2.0.2 (via npm:^2.0.2)
│              └─ json-schema@npm:0.4.0 (via npm:0.4.0)
│
└─ grafana@workspace:.
   ├─ @grafana/e2e@workspace:packages/grafana-e2e (via workspace:*)
```

Forced resolution by running `yarn set resolution json-schema@npm:0.2.3 0.4.0`

@jackw jackw added this to the 9.0.3 milestone Jul 5, 2022
@jackw jackw self-assigned this Jul 5, 2022
@jackw jackw requested review from a team and zoltanbedi and removed request for a team July 5, 2022 14:50
@jackw jackw added the dependencies Pull requests that update a dependency file label Jul 5, 2022
@jackw jackw merged commit 73e7a1c into main Jul 6, 2022
@jackw jackw deleted the jackw/json-schema-resolution branch July 6, 2022 09:16
grafanabot pushed a commit that referenced this pull request Jul 6, 2022
(cherry picked from commit 73e7a1c)
jackw added a commit that referenced this pull request Jul 7, 2022
(cherry picked from commit 73e7a1c)

Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
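
A check one could run after a forced resolution like the one in this PR, as an added example that is not part of the PR or of Grafana's code: it scans Yarn Berry lockfile text and reports any `json-schema` descriptor still resolving below 0.4.0. The lockfile excerpts are constructed (the `AFTER` shape is an assumption about what the forced resolution leaves behind), and `findOldResolutions` and `compareVersions` are hypothetical names.

```javascript
// Constructed Yarn Berry lockfile excerpts (not Grafana's real yarn.lock).
// BEFORE: the nested descriptor still resolves to its own old version.
const BEFORE = `
"json-schema@npm:0.2.3":
  version: 0.2.3
  resolution: "json-schema@npm:0.2.3"

"jsprim@npm:^1.2.2":
  version: 1.4.1
  resolution: "jsprim@npm:1.4.1"
  dependencies:
    json-schema: 0.2.3
`;
// AFTER (assumed shape): both descriptors share one entry pinned to 0.4.0.
const AFTER = `
"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
  version: 0.4.0
  resolution: "json-schema@npm:0.4.0"
`;

// Compare plain x.y.z versions (no pre-release tags); returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.'), pb = b.split('.');
  for (let i = 0; i < 3; i++) {
    const d = (parseInt(pa[i], 10) || 0) - (parseInt(pb[i], 10) || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: list lockfile entries for `pkg` resolved below
// `minVersion`. A top-level key holds one or more comma-separated
// descriptors that all share the resolution recorded beneath it.
function findOldResolutions(lockText, pkg, minVersion) {
  const findings = [];
  let descriptors = [];
  for (const line of lockText.split('\n')) {
    if (/^\S.*:$/.test(line)) {
      descriptors = line.slice(0, -1).replace(/^"|"$/g, '').split(', ')
        .filter((d) => d.startsWith(pkg + '@'));
      continue;
    }
    const m = line.match(/^  version: "?([^"\s]+)"?$/);
    if (m && descriptors.length && compareVersions(m[1], minVersion) < 0) {
      findings.push({ descriptors, version: m[1] });
    }
  }
  return findings;
}
```

Run against the real `yarn.lock` contents in CI, a non-empty result means some dependency path still pulls in the older release.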