Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities 2 #1173

Merged
merged 11 commits into from
Mar 6, 2024
Merged

Vulnerabilities 2 #1173

merged 11 commits into from
Mar 6, 2024

Conversation

EmilyZhang777
Copy link
Contributor

@EmilyZhang777 EmilyZhang777 commented Mar 4, 2024
edited
Loading

Remove insecure document method and upgrade jambo to v1.12.5

J=VULN-37757

Spun up and verified test site. Although ElementRenderTarget doesn't seem to be used.

likimmy and others added 7 commits December 4, 2023 09:50
@likimmy
Implement playwright acceptance tests for vertical full page map (#1155)
1999838 
* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map

* Implement playwright acceptance tests for vertical full page map
@nmanu1
Merge master (v1.33.2) into develop (#1158)
7aff0d8 
Merge master (v1.33.2) into develop
@nmanu1
Merge master (v1.33.3) into develop (#1162)
819809a 
Merge master (v1.33.3) into develop
@github-actions
Merge master (v1.33.4) into develop (#1166)
f7363b3 
Merge master (v1.33.4) into develop
@nmanu1
Merge branch 'develop' into dev/merge-v1.33.5-b4bd5b5-into-develop
d31d26d
@nmanu1
Merge master (v1.33.5) into develop (#1172)
73edabd 
Merge master (v1.33.5) into develop
@EmilyZhang777
Resolve more vulnerabilities
e13db42
@coveralls
Copy link

coveralls commented Mar 4, 2024
edited
Loading

Coverage Status

coverage: 9.35%. remained the same
when pulling d6209e1 on dev/vulnerabilities-2
into b4bd5b5 on hotfix/v1.33.6.

vijay267
vijay267 reviewed Mar 5, 2024
View reviewed changes
Copy link
Contributor

@vijay267 vijay267 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo in "textContent"

nmanu1
nmanu1 reviewed Mar 5, 2024
View reviewed changes
Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are we planning on releasing a new version for this fix?

@EmilyZhang777
Copy link
Contributor Author

are we planning on releasing a new version for this fix?

I was thinking about putting it in a hotfix. What do you think?

@nmanu1
Copy link
Contributor

nmanu1 commented Mar 5, 2024

I was thinking about putting it in a hotfix. What do you think?

yeah, that works. we'll want to merge into a hotfix branch instead of develop then. we can also bump the jambo version to get the most recent vulnerability fixes

@EmilyZhang777 EmilyZhang777 changed the base branch from develop to hotfix/v1.33.6 March 5, 2024 21:08
@EmilyZhang777
Copy link
Contributor Author

I was thinking about putting it in a hotfix. What do you think?

yeah, that works. we'll want to merge into a hotfix branch instead of develop then. we can also bump the jambo version to get the most recent vulnerability fixes

updated!

@EmilyZhang777
Upgrade jambo
30e60ec 
ran `npm run setup-test-site`, `npm run build-test-site`, and `npm run serve-test-site`.
`jambo` command is used when setting up test-site.
nmanu1
nmanu1 reviewed Mar 6, 2024
View reviewed changes
Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To bump jambo, you should update both the top-level package.json and static/package.json, as well as their respective package-locks

nmanu1
nmanu1 approved these changes Mar 6, 2024
View reviewed changes
Copy link
Contributor

@nmanu1 nmanu1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm as long as the jambo testing was successful after bumping the version in the static/package.json!

also, can you update the PR description?

@EmilyZhang777 EmilyZhang777 changed the title Remove Insecure Document Method Vulnerabilities 2 Mar 6, 2024
@EmilyZhang777 EmilyZhang777 merged commit be7c713 into hotfix/v1.33.6 Mar 6, 2024
15 of 16 checks passed
@EmilyZhang777 EmilyZhang777 deleted the dev/vulnerabilities-2 branch March 6, 2024 20:17
This was referenced Mar 6, 2024
Closed
Merged
EmilyZhang777 added a commit that referenced this pull request Mar 7, 2024
@EmilyZhang777
Merge pull request #1176 from yext/hotfix/v1.33.6
6386faf 
### Fixes
- Remove insecure document method and upgrade jambo to v1.12.5 (#1173)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vijay267 vijay267 vijay267 left review comments

@nmanu1 nmanu1 nmanu1 approved these changes

Assignees

@vijay267 vijay267

@jesuyedavid jesuyedavid

@sahilvaidya sahilvaidya

@k-gerner k-gerner

@nmanu1 nmanu1

@Fondryext Fondryext

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@EmilyZhang777 @coveralls @nmanu1 @vijay267 @jesuyedavid @sahilvaidya @k-gerner @Fondryext @likimmy