Adopt component detection in CI pipeline #5354

Closed
boydc2014 opened this issue Mar 25, 2021 · 2 comments · Fixed by #5776
Labels
feature-request A request for new functionality or an enhancement to an existing one. needs-triage The issue has just been created and it has not been reviewed by the team.

Comments

@boydc2014
Contributor

The SDK repo should adopt "component detection" to detect high-risk dependencies, like Composer does: https://github.com/microsoft/BotFramework-Composer/pull/6547/checks?check_run_id=2188768283.

This will help the SDK catch high-risk dependencies earlier and help prevent shipping them to customers, including Composer.

@boydc2014 added the feature-request and needs-triage labels Mar 25, 2021
@mrivera-ms self-assigned this Apr 21, 2021
@mrivera-ms assigned BruceHaley and unassigned mrivera-ms Jun 16, 2021
@BruceHaley
Contributor

This issue is fixed in PR #5695. However, the PR is not merged until the 5 detected critical and high severity vulnerabilities are fixed. Those 5 issues are listed above.

@BruceHaley assigned mrivera-ms and unassigned BruceHaley Jun 21, 2021
@BruceHaley
Contributor

All 5 vulnerabilities listed above have been resolved. Specifically, they have been dismissed. There should now be no barriers to merging PR #5695.

3 participants