Patch Updating Postcss to solve CVE vulnerability #1489
Codecov Report
@@ Coverage Diff @@
## dev #1489 +/- ##
=======================================
Coverage 91.48% 91.48%
=======================================
Files 29 29
Lines 4617 4617
=======================================
Hits 4224 4224
Misses 393 393
@rv0lt Did you also revert the manual change you had done for the package?
Yes, I undo the change (I only modified one line of packages.json) and then run
Just to double check:
Nope. Also, in this case npm audit fix (without force) will only safely update postcss. That is why I made the distinction between it and the other modules.
I'm not sure I follow. You split up the change with the other modules as you mentioned before, but just to check here -- are we certain that this upgrade of postcss does not break any other packages?
Seems to work as it should, and changelog didn't include any strange changes.
Read this before submitting the PR
If there is a field which you are unsure about, enter the edit mode of this description or go to the PR template; There are invisible comments providing descriptions which may be of help.
1. Description / Summary
Patch update of postcss from 8.4.28 to 8.4.31 to solve the related CVE.
PostCSS is a Node package (used for the web functionalities) to parse JavaScript code into CSS. We use it for the styles.
The changes in the package are minor, therefore nothing should get affected.
Changelog
The update was done by executing the following inside /dds_web/static:
npm update postcss --save
This safely identified version 8.4.31 as the version to update to.
2. Jira task / GitHub issue
https://scilifelab.atlassian.net/jira/software/projects/DDS/boards/13?selectedIssue=DDS-1812
3. Type of change
What type of change(s) does the PR contain?
Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.
4. Additional information
master branch: _If checked, read the release instructions_
5. Actions / Scans
Check the boxes when the specified checks have passed.
For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.
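
One way to confirm the result of the update described in this PR, as an added example that is not part of the PR or the project's code: it scans the `packages` map of an npm lockfile (lockfileVersion 2 or 3) for any installed copy of postcss still below 8.4.31, including copies nested under other packages' `node_modules`. The lockfile content, the `example-*` package names and the function names are constructed for illustration.

```javascript
// Added example (not from the PR). The lockfile content below is constructed.
const FLOOR = '8.4.31'; // patched postcss version named in the PR description

// Parse "major.minor.patch"; returns null for anything else, so prerelease or
// build-tagged strings are never mistaken for a patched release.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric (not lexical) comparison; unparseable versions are flagged.
function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  if (!a || !b) return true; // unknown format: report for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map of a parsed package-lock.json and return every
// installed copy of `name` (top-level or nested) that is below `floor`.
function findStaleCopies(lock, name, floor) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .filter(([, meta]) => isBelow(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: top-level copy patched, one nested copy left behind.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-static', dependencies: { postcss: '^8.4.28' } },
    'node_modules/postcss': { version: '8.4.31' },
    'node_modules/example-plugin/node_modules/postcss': { version: '8.4.28' },
    'node_modules/postcss-value-parser': { version: '4.2.0' },
  },
};

console.log(findStaleCopies(sampleLock, 'postcss', FLOOR));
```

An empty result means every copy recorded in the lockfile is at or above the floor; any entry returned names the path that still needs updating.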