Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 - COMPASS-6966, COMPASS-6967, COMPASS-6969 #4634

Merged
merged 1 commit into from Jul 12, 2023
Merged

chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 - COMPASS-6966, COMPASS-6967, COMPASS-6969 #4634

merged 1 commit into from Jul 12, 2023

Conversation

himanshusinghs
Copy link
Contributor

@himanshusinghs himanshusinghs commented Jul 11, 2023
edited

Description

This PR addresses the following tickets:

semver backported the fix applied in 7.5.2 for the above mentioned vulnerability also to v5.x (in 5.7.2) and to v6.x (in 6.3.1). Since these versions were released ~18 hours ago, the snyk advisory hasn't catch up to the updated info which is why we are disabling this particular vulnerability in our snyk policy for a month.

Checklist

Motivation and Context

  • Bugfix
  • New feature
  • Dependency update
  • Misc

Open Questions

Dependents

Types of changes

  • Backport Needed
  • Patch (non-breaking change which fixes an issue)
  • Minor (non-breaking change which adds functionality)
  • Major (fix or feature that would cause existing functionality to change)

@himanshusinghs himanshusinghs added the no release notes Fix or feature not for release notes label Jul 11, 2023
@himanshusinghs himanshusinghs marked this pull request as ready for review July 11, 2023 14:01
@himanshusinghs
chore: updates semver and ignore semver vulnerability until Snyk is u…
1521791 
…pdated with the new info on the backported fixes
@himanshusinghs himanshusinghs changed the title chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 - COMPASS-6966, COMPASS-6967, COMPASS-6969 Jul 12, 2023
@himanshusinghs himanshusinghs merged commit 247cba5 into main Jul 12, 2023
17 checks passed
@himanshusinghs himanshusinghs deleted the chore/semver-update branch July 12, 2023 12:45
@himanshusinghs himanshusinghs added release notes and removed no release notes Fix or feature not for release notes labels Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@himanshusinghs