W-11131367 Fix dependabot issues #92

Merged
merged 1 commit into from
May 12, 2022

@spelak_sfemu spelak_sfemu mannequin commented May 11, 2022

GUS W-11131367

Fixes dependabot issues:

Critical Changes

Changes

Issues Closed

New Metadata

Deleted Metadata

Definition of Done

Refer to Definition of Done to see any additional details for the items below:

  • Any net new LWC work has JEST test coverage 50% or above
  • Default Sa11y tests pass for all LWC components
  • 🔒 Secure both Front-end (LWC) & back-end (Apex) as necessary
  • 🔑 Grant users access in Permission Sets (Object, Field, Apex Class) as necessary
  • Link the pull request and work item by PR comment and Chatter post respectively, e.g. GUS: W-0000000: Work Name
  • Make sure that ACs are updated (if any gaps)
  • Add Open Source short version license if new files support inline comments. For more information check SHORT_VERSION_LICENSE_GUIDELINES readme.
  • All acceptance criteria have been met
    • Developer
    • Code Reviewer
  • Pull Request contains draft release notes
  • Labels, help text, and customer facing messages are reviewed by Docs
  • QE story level testing completed

Fixes dependabot issues:
- [Prototype Pollution in yargs-parser #9](https://github.com/SalesforceFoundation/OutboundFundsModuleSite/security/dependabot/9)
- [Exposure of sensitive information in follow-redirects #19](https://github.com/SalesforceFoundation/OutboundFundsModuleSite/security/dependabot/19)
- [Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects #21](https://github.com/SalesforceFoundation/OutboundFundsModuleSite/security/dependabot/21)
- [Prototype Pollution in minimist #23](https://github.com/SalesforceFoundation/OutboundFundsModuleSite/security/dependabot/23)
@spelak_sfemu spelak_sfemu mannequin added the ready for QE Ready for QE review label May 11, 2022
@spelak_sfemu spelak_sfemu mannequin self-assigned this May 11, 2022
@spelak_sfemu spelak_sfemu mannequin added the ready for RE review This Pull Request still needs a RE review. label May 11, 2022
@spelak_sfemu spelak_sfemu mannequin requested a review from ghost May 11, 2022 14:58
ghost commented May 11, 2022

This PR has been labeled as ready for Release Engineering review by @spelak-salesforce.

decamelize "^1.2.0"

yargs-parser@^20.2.2:
yargs-parser@^10.0.0, yargs-parser@^18.1.2, yargs-parser@^20.2.2, yargs-parser@^21.0.0:
version "20.2.9"
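
Review bot: The new entry header `yargs-parser@^10.0.0, yargs-parser@^18.1.2, yargs-parser@^20.2.2, yargs-parser@^21.0.0:` pins four ranges to `version "20.2.9"`, and 20.2.9 satisfies only `^20.2.2`. Packages that declared `^10.0.0` or `^18.1.2` now load a different major version, and anything that declared `^21.0.0` is moved down a major. A lockfile entry that ignores the declared ranges like this comes from a forced override (such as a `resolutions` entry in package.json) or a hand edit, so the PR description should say which one it is, and the tools that declared the other three ranges should be exercised against 20.2.9 before this is treated as a safe fix for the alert.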

Fixes dependabot issue Prototype Pollution in yargs-parser #9.

version "1.14.6"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.6.tgz#8cfb281bbc035b3c067d6cd975b0f6ade6e855cd"
integrity sha512-fhUl5EwSJbbl8AR+uYL2KQDxLkdSjZGR36xy46AO7cOMTrCMON6Sa28FmAnC2tRTDbd/Uuzz3aJBv7EBN7JH8A==
version "1.15.0"
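
Review bot: On the follow-redirects entry, `version` moves from "1.14.6" to "1.15.0", but the only `resolved` and `integrity` lines shown here are the pair for follow-redirects-1.14.6.tgz. Check that the 1.15.0 entry carries the `resolved` URL and `integrity` value that yarn wrote for the 1.15.0 tarball, not the old pair and not hand-edited values, because a stale hash will fail the integrity check at install time. This hunk also has no comment naming the alert it closes, while the description lists two follow-redirects alerts (#19 and #21); a one-line comment tying the bump to both would match the other two entries.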

resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
minimist@^1.1.1, minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6:
version "1.2.6"

Fixes dependabot issue Prototype Pollution in minimist #23.

@melody-yang_sfemu melody-yang_sfemu mannequin self-requested a review May 12, 2022 14:03
melody-yang_sfemu mannequin commented May 12, 2022

Hi @davidjray this PR is ready for RE review. Can you please take a look when you get the chance? Thank you.

@melody-yang_sfemu melody-yang_sfemu mannequin added Integrate All reviews are complete and removed ready for QE Ready for QE review labels May 12, 2022
@spelak_sfemu spelak_sfemu mannequin merged commit 061db2a into main May 12, 2022
@spelak_sfemu spelak_sfemu mannequin deleted the feature/dependabot branch May 12, 2022 20:22
Repository owner unassigned spelak_sfemu Oct 26, 2023
Labels
Integrate All reviews are complete ready for RE review This Pull Request still needs a RE review.