chore: update selfsigned dependency for a security patch #2752

Closed
wants to merge 1 commit into from

darthsoup

  • This is a dependency update
  • This is a bugfix
  • This is a feature
  • This is a code refactor
  • This is a test update
  • This is a docs update
  • This is a metadata update

For Bugs and Features; did you add new tests?

Motivation / Use-Case

Security vulnerability in the selfsigned dependency caused by node-forge

Breaking Changes

Additional Info

@jsf-clabot

jsf-clabot commented Oct 1, 2020

CLA assistant check
All committers have signed the CLA.

@codecov

codecov bot commented Oct 1, 2020

Codecov Report

Merging #2752 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2752   +/-   ##
=======================================
  Coverage   93.77%   93.77%           
=======================================
  Files          34       34           
  Lines        1333     1333           
  Branches      381      381           
=======================================
  Hits         1250     1250           
  Misses         81       81           
  Partials        2        2           


@afdev82

afdev82 commented Oct 5, 2020

any news on this? Thank you :)

@darthsoup
Author

> any news on this? Thank you :)

Nope... local testing works fine; unit tests only crash on Azure testing instances.

PS: Sorry for the duplicated MR. I did not notice at first sight.

@reginandrade

Is there an anticipated timeframe for fixing failing checks and getting this merged? Thank you.

@smridge

smridge commented Nov 11, 2020

CVE function in question does not appear to be directly used in this repo or forge
https://github.com/digitalbazaar/forge/blob/588c41062d9a13f8dc91be3723b159c6cc434b15/CHANGELOG.md#L11-L42

@hiroppy / @evilebottnawi / @Loonride thoughts on using yarn resolutions or the npm equivalent until this is merged?

@smridge

smridge commented Nov 13, 2020

Apologies, I just realized this is a duplicate PR of #2740 & #2795. Seems like using our own override in the interim would be the best solution until the CI gets fixed.

ylemkimon mentioned this pull request Nov 13, 2020
@alexander-akait
Member

Duplicate #2740
