[Snyk] Security upgrade brandable_css from 0.0.39 to 0.1.0 #64
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change-Id: Id7fbee08e3ea563d2f2d804d198169745c8feb2f
Change-Id: I3b1a1630d4d7630465e1c202db18c3357ca61650
Change-Id: I294eb860fa2bfa313035bf52b9b8e85c9daafb06
Change-Id: I60eeadb7e75de08a96b56ff174ba85ea474054c5
Post grades lti tools will not allow section level assignment
posting, so we should disable their "post grades" buttons when a section
is selected. Pschool post grades jobs, on the other hand, do allow for
section level posting, so we should keep the pschool post grades button
available when properly configured sections are selected.
Test Plan:
* configure at least 1 sis_app post grades tool
* get local sisapp running
* /accounts/1/settings/configurations
* add app, by url http://<local sisapp>/post_grades/config.xml
* enable "post grades to sis" (pschool) feature option in settings
* configure at least 1 course
* configure at least 1 section with sis id
* configure at least 1 section without sis id
* add and publish at least 1 assignment for both the course and
section
* navigate to gradebook, and notice that "post grades" dropdown
appears
* pick section with sis ID
* lti tool post grades should become unavailable, but pschool button
should still be available
* pick section without sis ID
* neither post grades button should be available
closes CNVS-21938
Change-Id: Id1236bef304479e7043229687658faed483ad505
Reviewed-on: https://gerrit.instructure.com/58982
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: Ben Bolton <bbolton@instructure.com>
Product-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Change-Id: I69deacaa45d3a4b3582715bbe78eda08c4e614a8
Change-Id: I888c2ffc2075cddd2cb9a069d039996feea5d1d4
Change-Id: I6cfdb35983e56f533fd8d0fe245da5a962dacdaf
Change-Id: I3604cde8aa13cb1af8fcc91c483e7d3c665598fc
Fixes CNVS-22084 Test plan: - Create a course - Add some students to the course - Ensure that the course is unpublished - Create some groups in the course - Ensure that you can add and remove students to and from the groups in the course - Ensure you can otherwise manage groups as you would expect to be able to even though the course is unpublished Change-Id: I0c5ecd551c018f7bde08ffed566ecf3a15b8429a Reviewed-on: https://gerrit.instructure.com/59043 Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com> Tested-by: Jenkins Reviewed-by: Joel Hough <joel@instructure.com> Reviewed-by: Matthew Wheeler <mwheeler@instructure.com> QA-Review: Heath Hales <hhales@instructure.com> Product-Review: Peyton Craighill <pcraighill@instructure.com>
test plan: * should fix quiz question point importing * should also fix assignments for moodle 2.1 packages (import the packages references in the ticket) closes #CNVS-21870 #CNVS-21863 Change-Id: I6606721882f6e792b65bef0237c000441a9ba6d1 Reviewed-on: https://gerrit.instructure.com/59224 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <jeremy@instructure.com> QA-Review: Pedro Fajardo <pfajardo@instructure.com> Product-Review: James Williams <jamesw@instructure.com>
the way this was written, it used to fire off a promise for every brand all at the same time. I’ve changed it so the memory usage will be more like `k * <# variants>` instead of `<# of themes> * <# variants> * k` so it will stay constant (on my machine ~500mb) and not grow huge as we get more people that have made themes. (where k is the memory it takes to compile one sass file, and # themes is a constant, in our case 6. Change-Id: I1fa4b4410a1141b461019f0c614ba343ea73000c Reviewed-on: https://gerrit.instructure.com/59182 Tested-by: Jenkins Reviewed-by: Cody Cutrer <cody@instructure.com> Product-Review: Ryan Shaw <ryan@instructure.com> QA-Review: Ryan Shaw <ryan@instructure.com>
refs CNVS-21215 test plan - setup incoming mail processing - cause an email duplicate to be sent (Mail gem and a console are great for this. the message id has to be the same) - ensure that the response is not double posted in canvas Change-Id: I2e6872fa430b38b5dd9498ce8329bf2bbeeea7ce Reviewed-on: https://gerrit.instructure.com/57566 Tested-by: Jenkins Reviewed-by: Matthew Wheeler <mwheeler@instructure.com> Product-Review: Matthew Wheeler <mwheeler@instructure.com> QA-Review: Heath Hales <hhales@instructure.com>
Fixes CNVS-21220 Test Plan: Test with CNVS-21215 & 21218 Change-Id: I194e66e25cd3e85718381735055aa6bbec9c4936 Reviewed-on: https://gerrit.instructure.com/58636 Reviewed-by: Joel Hough <joel@instructure.com> Product-Review: Matthew Wheeler <mwheeler@instructure.com> QA-Review: Heath Hales <hhales@instructure.com> Tested-by: Jenkins
fixes: CNVS-22155 see: ryankshaw/brandable_css@e1b5a8e?diff=unified#diff-2b4ca49d4bb0a774c4d4c1672d7aa781R23 test plan: say the path to your canvas-lms repos is in /Users/ryan/code/canvas-lms make a symlink that points to that in: /Users/ryan/current run `brandable_css` it should work Change-Id: I1f732a53e56ea376efe6cd7d54b3ae52178ac025 Reviewed-on: https://gerrit.instructure.com/59342 Reviewed-by: Cody Cutrer <cody@instructure.com> Tested-by: Jenkins QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Ryan Shaw <ryan@instructure.com>
test plan:
* first, clear out all the cdn assets on your test
s3 bucket by running this in rails console:
Canvas::CDN::S3Uploader.new.bucket.objects.with_prefix('dist').delete_all
* compile_assets
* run bundle exec rake canvas:cdn:upload_to_s3
* access canvas in your browser
* on js/css/image assets (like common-xxxxx.js)
you should see a "max age 1 year" header
Change-Id: I7847e614a0e3066686bda32f8854263f78cc168f
Reviewed-on: https://gerrit.instructure.com/59184
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
...because apparently "it's preloading. for autoloading, CDN will look for cdn or c_d_n. then in prod mode, it's somewhat different. like autoloading is disabled? and it just pre-requires everything in the autoload dirs" test plan: run `RAILS_ENV=production bundle exec rake canvas:cdn:upload_to_s3` it should work Change-Id: I5deed1cc2b9daa678465b174af320cf1724fea8c Reviewed-on: https://gerrit.instructure.com/59341 Reviewed-by: James Williams <jamesw@instructure.com> Tested-by: Jenkins QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Ryan Shaw <ryan@instructure.com>
fixes CNVS-21883 Change-Id: Ic65ae6db130d12c3a4ef96d6559981bb893fb6ff Reviewed-on: https://gerrit.instructure.com/59149 Reviewed-by: Spencer Olson <solson@instructure.com> Tested-by: Jenkins QA-Review: Nathan Rogowski <nathan@instructure.com> Product-Review: Dylan Ross <dross@instructure.com>
Fix boolean checks so api submission index returns an empty array to a student that has no submissions Fixes MBL-4441 Test plan - create a quiz - create a student - as the student make an api request for the student's submissions - should get empty array not 401 Change-Id: Ie73c1cb00c40fc5d884664bf676d1c305218ff8f Reviewed-on: https://gerrit.instructure.com/59201 Reviewed-by: Ryan Taylor <rtaylor@instructure.com> Tested-by: Jenkins QA-Review: Michael Hargiss <mhargiss@instructure.com> Product-Review: Brian Finney <bfinney@instructure.com>
Fixes CNVS-22084 Test plan: - Create a course - Add some students to the course - Ensure that the course is unpublished - Create some groups in the course - Ensure that you can add and remove students to and from the groups in the course - Ensure you can otherwise manage groups as you would expect to be able to even though the course is unpublished Change-Id: I0c5ecd551c018f7bde08ffed566ecf3a15b8429a Reviewed-on: https://gerrit.instructure.com/59043 Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com> Tested-by: Jenkins Reviewed-by: Joel Hough <joel@instructure.com> Reviewed-by: Matthew Wheeler <mwheeler@instructure.com> QA-Review: Heath Hales <hhales@instructure.com> Product-Review: Peyton Craighill <pcraighill@instructure.com>
Reduces the scope of information returned unnecessarily.
Closes CNVS-22197
Test Plan:
- Confirm there is no answer weights or exact numerical answers data
leaked via POST events to the /api/v1/quiz_submissions/:id/questions
answering event.
Change-Id: Icfd85b6b669b3a61a1acc503b52c78ba346bfb19
Reviewed-on: https://gerrit.instructure.com/59359
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
Tested-by: Jenkins
QA-Review: Derek Hansen <dhansen@instructure.com>
Product-Review: Ryan Taylor <rtaylor@instructure.com>
Reduces the scope of information returned unnecessarily.
Closes CNVS-22197
Test Plan:
- Confirm there is no answer weights or exact numerical answers data
leaked via POST events to the /api/v1/quiz_submissions/:id/questions
answering event.
Change-Id: Icfd85b6b669b3a61a1acc503b52c78ba346bfb19
Reviewed-on: https://gerrit.instructure.com/59359
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
Tested-by: Jenkins
QA-Review: Derek Hansen <dhansen@instructure.com>
Product-Review: Ryan Taylor <rtaylor@instructure.com>
Change-Id: I132d8eb1d3e23be2adbc123395b73cab7d1789bc
closes #CNVS-21870 frd Change-Id: I94a4b1794ada6af444647e6a8dbb06874d2e25f7 Reviewed-on: https://gerrit.instructure.com/59354 Reviewed-by: Dan Minkevitch <dan@instructure.com> Product-Review: Dan Minkevitch <dan@instructure.com> Tested-by: Jenkins QA-Review: Pedro Fajardo <pfajardo@instructure.com>
fixes CNVS-22073
test plan:
- go to theme editor
- add an image and then undo
having added that image
- if that is the only thing youve
changed so far, you do not get
a preview button
- once you change something else
you can hit preview and it saves
properly
- apply theme with a non-default image
- go to the editor and change back
to default
- you get an option to preview with
the default
- preview is successful
- color & image changes act normally
Change-Id: Ia5de701177137625e65434ac316c22aec0e1dd39
Reviewed-on: https://gerrit.instructure.com/59056
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Reviewed-by: Jennifer Stern <jstern@instructure.com>
Product-Review: Jennifer Stern <jstern@instructure.com>
Tested-by: Jenkins
fixes: CNVS-22185 Because the the update_progress callback from the upload_to_s3 callback was happening inside a Parallel.each thread, we'd get random errors where it ran out of active record postgres connections. eg: ActiveRecord::ConnectionTimeoutError could not obtain a database connection within 5 seconds (waited 5.000153379 seconds). The max pool size is currently 5; consider increasing it. the fix is to call the callback on the main thread so any db queries are happening from the normal rails thread. also, this adds a progress bar so if you run this from the command line, you'll get a nice progress bar like https://files.slack.com/files-pri/T028ZAGUD-F0896CFR9/screen_shot_2015-07-28_at_10.19.36_am.png so that when deployers run the: `rake brand_configs:generate_and_upload_all` task, which takes a long time, they have an idea of how long it is going to take test plan: note:this is something that only broke on beta and not on local machines so to test that this fixes it, you kinda need to just run it there: * open theme editor * make a change * hit preview * it should not say there was an error Change-Id: Ife052ab9573aa677d49d8e5e6c637b0faa2b116e Reviewed-on: https://gerrit.instructure.com/59407 Reviewed-by: Mike Nomitch <mnomitch@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Tested-by: Jenkins Product-Review: Ryan Shaw <ryan@instructure.com>
This reverts commit 597abe9. Fixes CNVS-22183 Test Plan: * Navigate to Scheduler * Click on "Create an Appointment Group" * Verify there is both a Save & Publish button and a Save button * Verify the Save & Publish button is blue, and the save button looks less eye-catching * Add the Appointment group to a course calendar and click the Save button * Verify the appointment is saved and displays on the list of appointment groups * Log in as a student in the course * Verify a student cannot see and interact with the appointment group * Log back in as a teacher, edit the Appointment group, and click Save and Publish * Log back in as a student in the course * Verify the student can now see and interact with the appointment group Change-Id: I26663df508c8b4024b50f1cbe0c561ca3fb8ac31 Reviewed-on: https://gerrit.instructure.com/59404 Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com> QA-Review: Heath Hales <hhales@instructure.com> Product-Review: Steven Shepherd <sshepherd@instructure.com> Tested-by: Jenkins
refs CNVS-21431, CNVS-21425 Test scenarios: https://gist.github.com/junyper/7481e6a2b65a1b799bad Change-Id: I28b24bce592952acfd33cb1303496b8178f0d4b4 Reviewed-on: https://gerrit.instructure.com/58780 QA-Review: Jeremy Putnam <jeremyp@instructure.com> Tested-by: Jenkins Reviewed-by: Colleen Palmer <colleen@instructure.com> Product-Review: Jennifer Stern <jstern@instructure.com> Reviewed-by: Ryan Shaw <ryan@instructure.com> Conflicts: app/jsx/theme_editor/ThemeEditor.jsx
closes #CNVS-21870 frd Change-Id: I94a4b1794ada6af444647e6a8dbb06874d2e25f7 Reviewed-on: https://gerrit.instructure.com/59354 Reviewed-by: Dan Minkevitch <dan@instructure.com> Product-Review: Dan Minkevitch <dan@instructure.com> Tested-by: Jenkins QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Fixes CNVS-22170 Test plan: - Create a quiz - Set a answer comment to `">'><img src=x onerror=alert(3)>` - Take the test and view the resulting answer comment every where you can find it - Try lots of other forms of html to try and execute javascript Change-Id: I209b266a648810763e03b602790001034815b44f Reviewed-on: https://gerrit.instructure.com/59457 Reviewed-by: Cameron Sutter <csutter@instructure.com> Tested-by: Jenkins QA-Review: Adam Stone <astone@instructure.com> Product-Review: Cameron Sutter <csutter@instructure.com>
Change-Id: I4900e1f982b4e5b98f45898fd1e3e114dea0b858
closes: CNVS-22368 When a student only has enrollments in unpublished courses, they do not see a courses global nav link. The link is needed to get to "all courses" and see their enrollments. this changes things so the "courses" menu is always shown. that way those users will be able to get to that "all courses" link Product / UX/UI review question: This is just one possible way of fixing this problem. the other thing we could do is to leave it how it was but do a second, more expensive DB query to see if there are any of those unpublished or archived courses that I can see on the /courses page but not in the course menu. in standup, we agreed to do it like this but if any of you feel strongly that we should do it the other way, that's fine too. test plan: Add a new user Enroll them in an unpublished course Masquerade as the new user, click the courses global nav option you should see the "all courses" link in the tray popup Change-Id: I140dbc4f4d2852c386cc57cac3f2afec6ef62979 Reviewed-on: https://gerrit.instructure.com/60233 Tested-by: Jenkins Reviewed-by: Clay Diffrient <cdiffrient@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Reviewed-by: Rob Orton <rob@instructure.com> Product-Review: Ryan Shaw <ryan@instructure.com>
closes #CNVS-22718 Change-Id: Ibccf62c76230ca665a043eb423fe88c7b8be5b00 Reviewed-on: https://gerrit.instructure.com/61745 Reviewed-by: Jeremy Stanley <jeremy@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins Product-Review: James Williams <jamesw@instructure.com> QA-Review: James Williams <jamesw@instructure.com>
fixes CNVS-22527 test-plan: - when "Updated Terms of Use" page displays, should not include any custom account CSS Change-Id: I98bcc48e1bf4f281ee34db8ee50ed204defc437d Reviewed-on: https://gerrit.instructure.com/61659 Reviewed-by: Rob Orton <rob@instructure.com> Product-Review: Colleen Palmer <colleen@instructure.com> Reviewed-by: Ryan Shaw <ryan@instructure.com> Tested-by: Jenkins QA-Review: August Thornton <august@instructure.com>
we already have logic in Canvas::Security to protect us against brute force, and AuthLogic is just checking the updated_at to see if they can attempt to login again if failed_login attempts is over 50 fixes CNVS-22681 test plan - update a pseudonyms failed_login_count to > 50 - p = Pseudonym.last - p.failed_login_count = 54 - p.save! - attempt to login - it should work Change-Id: I72ebf54306c4fe6bd46d172d31b8f732555107a7 Reviewed-on: https://gerrit.instructure.com/61595 Tested-by: Jenkins Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Jacob Fugal <jacob@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Rob Orton <rob@instructure.com>
Closes CNVS-21521
Test Plan:
- Regression test that due_dates, closing "end_at" dates and all
things quiz time limits/moderation are all good.
- Good luck!
Change-Id: Id5ad6c0028e06e67caea28fce514190730a02e44
Reviewed-on: https://gerrit.instructure.com/59020
Tested-by: Jenkins
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Product-Review: Pedro Fajardo <pfajardo@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Change-Id: I010880cce15d3d241b5849ed40a6895aeebe3190
Treesame-Commit-Id: 3a552f3
Treesame-Commit-Id: d0a254f
Treesame-Commit-Id: 3a552f3
Kenneth tools relies on this path being on the page in order for their stuff to work. This brings back the html elementpath below tinymce, but hides it using css from the UI so it isn't visible. closes: CNVS-22759 Test Plan: - Open up a view that had TinyMCE - You should not see any html elementpath below the editor Example with path: http://cl.ly/image/1O3u3J3j361w Example without path: http://cl.ly/image/050n0Q1B1P2g Change-Id: I93e7fa65c1d05a105c7e80e7b65ba4e4176fec4e Reviewed-on: https://gerrit.instructure.com/61956 Reviewed-by: Mike Nomitch <mnomitch@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Stephen Jensen <sejensen@instructure.com> Reviewed-by: Ryan Shaw <ryan@instructure.com> Tested-by: Jenkins
Treesame-Commit-Id: 496ec72
Treesame-Commit-Id: d0a254f
Change-Id: I78b3422a91c6cce7f30b42b389bbb5e99af7f002
in massively sharded databases where there's a type for every table, this reduces the number of rows queried and unused... massively Change-Id: Ib9bcf70d060f5ba48ebedaa7108d9d364430c638 Reviewed-on: https://gerrit.instructure.com/61975 Tested-by: Jenkins Reviewed-by: Brian Palmer <brianp@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com> QA-Review: Cody Cutrer <cody@instructure.com>
closes: CNVS-22806 Test Plan: - Go to tinymce editor - Make sure html path shows below editor Change-Id: Ieafda7d14abe097c3c233cf397b4d844cc63fea0 Reviewed-on: https://gerrit.instructure.com/62012 Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
Change-Id: I8ee23b0ddac2e56b21aaa87e0e0033a7eda5ade7 Reviewed-on: https://gerrit.instructure.com/62087 Reviewed-by: Clay Diffrient <cdiffrient@instructure.com> Product-Review: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
Change-Id: I0d4b2fc27daa7138719699153ee29cc2ee23f4fe Reviewed-on: https://gerrit.instructure.com/62088 Reviewed-by: Jacob Fugal <jacob@instructure.com> Product-Review: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
Rectifies a regression in the the recent refactoring of quiz eligibility. Closes CNVS-22755 Test Plan: - Create a quiz with 2 allowed attempts - Take it twice and see no "Take the Quiz Again" button on completion. Change-Id: Ifc4f503746f64b0083365bd394e71e8c6e0d97e8 Reviewed-on: https://gerrit.instructure.com/61951 Tested-by: Jenkins Reviewed-by: Matt Berns <mberns@instructure.com> QA-Review: Pedro Fajardo <pfajardo@instructure.com> QA-Review: Adam Stone <astone@instructure.com> Product-Review: Simon Williams <simon@instructure.com>
fixes CNVS-22834 Change-Id: I64c4ec47343ad34852691cb94271e98f5d1d65f8 Reviewed-on: https://gerrit.instructure.com/62091 Reviewed-by: Simon Williams <simon@instructure.com> Product-Review: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
fixes CNVS-22655 fixes CNVS-22833 the can_take_quiz? method renders an access_code restriction template or an ip restriction template if those things are required for the quiz. previously, those were presented when trying to take the quiz, but a recent change made it so that they were presented when simply trying to view the quiz. this reverts to the previous behavior. test plan: - as a teacher, create an access code or ip restricted quiz, publish it - as a student, you should be able to view the quiz without being prompted for an access code (or from an invalid ip) - as a student, when trying to take the quiz, the restrictions should apply correctly - as a student who meets the restrictions, you should be able to take the quiz Change-Id: Iedc78c3728501da56710e00857527a7323633eeb Reviewed-on: https://gerrit.instructure.com/62089 Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Adam Stone <astone@instructure.com> QA-Review: Pedro Fajardo <pfajardo@instructure.com> Product-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
Treesame-Commit-Id: caf5d63
Treesame-Commit-Id: caf5d63
test plan: * using the respondus lockdown browser, should be able to log out after submitting a quiz requiring the lockdown browser closes #CNVS-22838 Change-Id: If7b28977fe9ed51444fca145b841cc15ca71eb49 Reviewed-on: https://gerrit.instructure.com/62099 Reviewed-by: Rob Orton <rob@instructure.com> Product-Review: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Tested-by: Rob Orton <rob@instructure.com>
Change-Id: Iaaecbd8562d265af8e9d6a54c9b3b9af4cebc6f7
fixes CNVS-22607 Test plan: * set up a section limited TA * download gradebook csv * ensure you can only see students in your section Change-Id: I20c67d832f7cb234f7527d53747770c0092e9a0d Reviewed-on: https://gerrit.instructure.com/61886 Reviewed-by: Dylan Ross <dross@instructure.com> QA-Review: Derek Hansen <dhansen@instructure.com> Tested-by: Jenkins Product-Review: Cameron Matheson <cameron@instructure.com>
fixes CNVS-22845 Test Plan: * Create a user with a sis id, create another user without a sis id * Add both users to a course with any role * Once added select the gear icon for both students * They should both have the option to "Remove From Course" Change-Id: Ia7c663ae02a1c91334e6d00614faa31c94f1ab40 Reviewed-on: https://gerrit.instructure.com/62151 Tested-by: Jenkins Reviewed-by: James Williams <jamesw@instructure.com> QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com> Product-Review: Dan Minkevitch <dan@instructure.com>
Treesame-Commit-Id: c856b5f
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 3.5
SNYK-JS-DEBUG-3227433
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: brandable_css
The new version differs by 79 commits.See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)