Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerabilities 2 #1173

Merged
merged 11 commits into from
Mar 6, 2024
Merged

Vulnerabilities 2 #1173

merged 11 commits into from
Mar 6, 2024

Conversation

EmilyZhang777
Copy link
Contributor

@EmilyZhang777 EmilyZhang777 commented Mar 4, 2024

Remove insecure document method and upgrade jambo to v1.12.5

J=VULN-37757

Spun up and verified test site. Although ElementRenderTarget doesn't seem to be used.

likimmy and others added 7 commits December 4, 2023 09:50
* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map
Merge master (v1.33.2) into develop
Merge master (v1.33.3) into develop
Merge master (v1.33.4) into develop
Merge master (v1.33.5) into develop
@coveralls
Copy link

coveralls commented Mar 4, 2024

Coverage Status

coverage: 9.35%. remained the same
when pulling d6209e1 on dev/vulnerabilities-2
into b4bd5b5 on hotfix/v1.33.6.

Copy link
Contributor

@vijay267 vijay267 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo in "textContent"

Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are we planning on releasing a new version for this fix?

@EmilyZhang777
Copy link
Contributor Author

are we planning on releasing a new version for this fix?

I was thinking about putting it in a hotfix. What do you think?

@nmanu1
Copy link
Contributor

nmanu1 commented Mar 5, 2024

I was thinking about putting it in a hotfix. What do you think?

yeah, that works. we'll want to merge into a hotfix branch instead of develop then. we can also bump the jambo version to get the most recent vulnerability fixes

@EmilyZhang777 EmilyZhang777 changed the base branch from develop to hotfix/v1.33.6 March 5, 2024 21:08
@EmilyZhang777
Copy link
Contributor Author

I was thinking about putting it in a hotfix. What do you think?

yeah, that works. we'll want to merge into a hotfix branch instead of develop then. we can also bump the jambo version to get the most recent vulnerability fixes

updated!

ran `npm run setup-test-site`, `npm run build-test-site`, and `npm run serve-test-site`.
`jambo` command is used when setting up test-site.
Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To bump jambo, you should update both the top-level package.json and static/package.json, as well as their respective package-locks

Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm as long as the jambo testing was successful after bumping the version in the static/package.json!

also, can you update the PR description?

@EmilyZhang777 EmilyZhang777 changed the title Remove Insecure Document Method Vulnerabilities 2 Mar 6, 2024
@EmilyZhang777 EmilyZhang777 merged commit be7c713 into hotfix/v1.33.6 Mar 6, 2024
15 of 16 checks passed
@EmilyZhang777 EmilyZhang777 deleted the dev/vulnerabilities-2 branch March 6, 2024 20:17
This was referenced Mar 6, 2024
EmilyZhang777 added a commit that referenced this pull request Mar 7, 2024
### Fixes
- Remove insecure document method and upgrade jambo to v1.12.5 (#1173)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

9 participants