[examples] Update remark dependency for blog-starter #33313

Merged
merged 2 commits into from
Jan 14, 2022

@jonrosner (Contributor) commented Jan 14, 2022

Upgrade remark-html dependency to resolve the critical vulnerability.

Newer versions like 15.0.1 do not work with this example but version 13.0.2 fixes the security issue and still works.

                       === npm audit security report ===

# Run  npm install remark-html@15.0.1  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Unsafe defaults in `remark-html`                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-9q5w-79cv-947m            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Bug

  • Related issues linked using fixes #number
  • Integration tests added
  • Errors have helpful link attached, see contributing.md

Feature

  • Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
  • Related issues linked using fixes #number
  • Integration tests added
  • Documentation added
  • Telemetry added. In case of a feature if it's used or not.
  • Errors have helpful link attached, see contributing.md

Documentation / Examples

  • Make sure the linting passes by running yarn lint

@ijjk ijjk added the examples Issue/PR related to examples label Jan 14, 2022

@leerob (Member) left a comment

Thank you!

@leerob changed the title from "Update package.json" to "[examplesUpdate remark dependency for blog-starter" Jan 14, 2022
@leerob changed the title from "[examplesUpdate remark dependency for blog-starter" to "[examples] Update remark dependency for blog-starter" Jan 14, 2022
@kodiakhq kodiakhq bot merged commit 89b8d58 into vercel:canary Jan 14, 2022
@vercel vercel locked as resolved and limited conversation to collaborators Feb 14, 2022
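
The PR pins remark-html to 13.0.2 instead of the 15.0.1 that npm audit recommends, so a lockfile check like the following can confirm that no installed copy, including nested ones, resolves below that version. This is an added example, not code from the PR or the project; the sample lockfile, the `some-plugin` package name and the function names are constructed for illustration, and the comparison ignores prerelease tags.

```javascript
// Added example: scan a package-lock.json "packages" map (lockfileVersion 2/3)
// for every installed copy of remark-html below the version the PR names as fixed.
const PACKAGE = "remark-html";
const FIXED = "13.0.2"; // version the PR description says fixes the issue

// Parse "MAJOR.MINOR.PATCH" into numbers (assumption: prerelease/build tags ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` sorts strictly before `floor`.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each copy of `name` resolved below `floor`.
function findVulnerableCopies(lock, name = PACKAGE, floor = FIXED) {
  const suffix = "node_modules/" + name;
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, but not e.g. "node_modules/not-remark-html".
    const isCopy = path === suffix || path.endsWith("/" + suffix);
    if (isCopy && entry.version && isBelow(entry.version, floor)) {
      found.push({ path, version: entry.version });
    }
  }
  return found;
}

// Constructed sample lockfile: the direct dependency is fixed, a nested copy is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "blog-starter", dependencies: { "remark-html": "13.0.2" } },
    "node_modules/remark-html": { version: "13.0.2" },
    "node_modules/some-plugin/node_modules/remark-html": { version: "13.0.1" },
    "node_modules/not-remark-html": { version: "1.0.0" },
  },
};

for (const hit of findVulnerableCopies(sampleLock)) {
  console.log(`${hit.path} resolves to ${hit.version}, below ${FIXED}`);
}
```

In CI, pass the parsed contents of the real `package-lock.json` to `findVulnerableCopies` and fail the job when the returned list is non-empty.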