fix: update got & remove outdated workaround #5437

tinfoil-knight · 2023-01-28T14:11:50Z

🎉 Thanks for submitting a pull request! 🎉

Summary

Partial fix to #4921 & #2744

This PR updates got to a non-vulnerable version & removes a workaround that's no longer needed after the update.

For us to review and ship your PR efficiently, please perform the following steps:

Open a bug/issue before writing your code 🧑‍💻. This ensures we can discuss the changes and get feedback from everyone that should be involved. If you`re fixing a typo or something that`s on fire 🔥 (e.g. incident related), you can skip this step.
Read the contribution guidelines 📖. This ensures your code follows our style guide and
passes our tests.
Update or add tests (if any source code was changed or added) 🧪
Update or add documentation (if features were changed or added) 📝
Make sure the status checks below are successful ✅

A picture of a cute animal (not mandatory, but encouraged)

tinfoil-knight · 2023-01-28T14:13:18Z

tests/integration/utils/got.cjs

@@ -20,19 +10,6 @@ const extendedGot = got.extend({
    statusCodes: STATUS_CODE,
  },
  timeout: TIMEOUT,
-  // TODO: remove when https://github.com/sindresorhus/got/issues/1489 is fixed


Note here: Issue was resolved in sindresorhus/got#2187 so this workaround suggested in sindresorhus/got#1489 (comment) is no longer needed.

github-actions · 2023-01-28T14:13:34Z

📊 Benchmark results

Comparing with 78a1932

Package size: 265 MB

(no change)

^  272 MB  272 MB                                                                                         
│   ┌──┐    ┌──┐   265 MB  265 MB  265 MB  265 MB  265 MB  265 MB  265 MB  265 MB  265 MB  265 MB  265 MB 
│   |  |    |  |    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐    ┌──┐  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
│   |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |  |    |▒▒|  
└───┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴────┴──┴──>
    T-12    T-11    T-10    T-9     T-8     T-7     T-6     T-5     T-4     T-3     T-2     T-1      T

Legend

T-30 (87adddc): 267 MB
T-29 (6d6531a): 267 MB
T-28 (f33c595): 267 MB
T-27 (6594da7): 267 MB
T-26 (22ecec6): 260 MB
T-25 (c7c5fff): 267 MB
T-24 (7e27e7a): 267 MB
T-23 (89754a1): 267 MB
T-22 (2aa9341): 267 MB
T-21 (734c23c): 267 MB
T-20 (e978613): 267 MB
T-19 (733c47e): 267 MB
T-18 (027efcf): 267 MB
T-17 (99305de): 267 MB
T-16 (3a9670b): 267 MB
T-15 (f9ff366): 267 MB
T-14 (384e168): 272 MB
T-13 (a0f3719): 272 MB
T-12 (8146b3d): 272 MB
T-11 (43e6f9e): 272 MB
T-10 (4600e9b): 265 MB
T-9 (b0a6c85): 265 MB
T-8 (70ef88c): 265 MB
T-7 (cfcee54): 265 MB
T-6 (63d415b): 265 MB
T-5 (83a81b1): 265 MB
T-4 (8fe8339): 265 MB
T-3 (21f413c): 265 MB
T-2 (68caa51): 265 MB
T-1 (78a1932): 265 MB
T (current commit): 265 MB

tinfoil-knight · 2023-01-28T14:19:35Z

Note:

This PR won't result in any change in npm audit's output since a few dependencies are still using vulnerable version of got but I was thinking about updating those dependencies in a separate PR instead.

danez · 2023-01-30T10:46:38Z

Really nice, thanks.

fix: update got & remove outdated workaround

07b1350

tinfoil-knight commented Jan 28, 2023

View reviewed changes

tinfoil-knight self-assigned this Jan 28, 2023

tinfoil-knight added the type: security code to address security issues label Jan 28, 2023

tinfoil-knight requested a review from danez January 28, 2023 14:20

danez approved these changes Jan 30, 2023

View reviewed changes

danez added the automerge Add to Kodiak auto merge queue label Jan 30, 2023

Merge branch 'main' into security-got

b51f737

kodiakhq bot merged commit 5eff7c1 into netlify:main Jan 30, 2023

token-generator-app bot mentioned this pull request Jan 30, 2023

chore(main): release 12.11.0 #5435

Merged

tinfoil-knight deleted the security-got branch January 30, 2023 12:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: update got & remove outdated workaround #5437

fix: update got & remove outdated workaround #5437

tinfoil-knight commented Jan 28, 2023 •

edited

tinfoil-knight Jan 28, 2023

github-actions bot commented Jan 28, 2023 •

edited

tinfoil-knight commented Jan 28, 2023

danez commented Jan 30, 2023

fix: update got & remove outdated workaround #5437

fix: update got & remove outdated workaround #5437

Conversation

tinfoil-knight commented Jan 28, 2023 • edited

Summary

tinfoil-knight Jan 28, 2023

Choose a reason for hiding this comment

github-actions bot commented Jan 28, 2023 • edited

📊 Benchmark results

Package size: 265 MB

tinfoil-knight commented Jan 28, 2023

danez commented Jan 30, 2023

tinfoil-knight commented Jan 28, 2023 •

edited

github-actions bot commented Jan 28, 2023 •

edited