
build(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421 #3005

Merged


@aldousalvarez aldousalvarez commented Jan 26, 2024

Commit to be reviewed


build(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421

Primary Changes
----------------
1. Updated the version of the base image that is used in the Dockerfile
2. Updated the Dockerfile to use the yarn version 3
3. Updated the README to the new command to run the container

Fixes #2745

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficiently and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when, and why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@aldousalvarez aldousalvarez changed the title tools(connector-besu): address CVEs: CVE-2022-21190, CVE-2023-36665, … fix(connector-besu): address CVEs: CVE-2022-21190, CVE-2023-36665, … Jan 29, 2024
@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2745 branch 2 times, most recently from 57dca71 to ff2219b Compare January 30, 2024 04:35

@jagpreetsinghsasan jagpreetsinghsasan left a comment

@aldousalvarez same comment as the other PR. Please update your PR description and commit message to an appropriate one.

@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2745 branch 2 times, most recently from 0f3e50b to 2246097 Compare February 2, 2024 08:43
@aldousalvarez aldousalvarez changed the title fix(connector-besu): address CVEs: CVE-2022-21190, CVE-2023-36665, … fix(besu): address: CVE-2022-21190, CVE-2023-36665, CVE-2022-2421 Feb 2, 2024

@petermetz petermetz left a comment

@aldousalvarez I recommend this as the commit message (I just renamed the issue to the same) then it has the maximum information and also does not diverge from the issue title and the conventions are satisfied AFAICT.

tools(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421

@petermetz petermetz changed the title fix(besu): address: CVE-2022-21190, CVE-2023-36665, CVE-2022-2421 tools(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421 Feb 7, 2024
@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2745 branch 2 times, most recently from fe37207 to 145eb61 Compare March 18, 2024 11:14

aldousalvarez commented Mar 18, 2024

Hello @jagpreetsinghsasan, already fixed it, thank you. Updated it also with the commit message that Peter has mentioned.

@jagpreetsinghsasan

LGTM

@petermetz petermetz changed the title tools(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421 build(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421 Apr 5, 2024

@petermetz petermetz left a comment

@aldousalvarez Very sorry, I must've been very tired when I typed out that recommended commit message because it is also invalid...

Please try this instead: build(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421

@aldousalvarez

@petermetz No worries, already updated it and re-requested for review. Thank you

@petermetz petermetz left a comment

@aldousalvarez LGTM thank you and sorry for the slow review on this one!

@petermetz

@jagpreetsinghsasan Were your change requests addressed to your satisfaction?

@jagpreetsinghsasan

> @jagpreetsinghsasan Were your change requests addressed to your satisfaction?

Yes @petermetz, I have resolved those review comments. It's good to merge

@petermetz

> > @jagpreetsinghsasan Were your change requests addressed to your satisfaction?

> Yes @petermetz, I have resolved those review comments. It's good to merge

@jagpreetsinghsasan Got it, thank you for confirming! I'll dismiss the review then.

@petermetz petermetz dismissed jagpreetsinghsasan’s stale review July 1, 2024 23:30

Confirmed with Jagpreet that issue was addressed.

Primary Changes
----------------
1. Updated the version of the base image that is used in the Dockerfile
2. Updated the Dockerfile to use the yarn version 4
3. Updated the README to the new command to run the container

Fixes hyperledger-cacti#2745

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
@petermetz petermetz merged commit bf92d3d into hyperledger-cacti:main Jul 1, 2024
147 of 151 checks passed
@petermetz petermetz deleted the aldousalvarez/issue2745 branch July 1, 2024 23:47
Successfully merging this pull request may close these issues.

tools(connector-besu): fix CVE-2022-21190 CVE-2023-36665 CVE-2022-2421