Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

validator update from 9.0.0 to 13.7.0 #52

Merged
merged 4 commits into from
Dec 21, 2023
Merged

validator update from 9.0.0 to 13.7.0 #52

merged 4 commits into from
Dec 21, 2023

Conversation

Reni88
Copy link
Contributor

@Reni88 Reni88 commented Dec 14, 2023

Remediates CVE-2021-3765

@tejashah88
Copy link
Member

@mreinstein I've noticed that I don't see the CI action workflow executing when new PRs are made. Is this intentional?

@mreinstein
Copy link
Collaborator

Currently it only runs on pushes to themaster branch:

alexa-verifier-middleware/.github/workflows/main.yml

Lines 7 to 9 in 417f4eb

# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [ master ]

@mreinstein
Copy link
Collaborator

I've updated the workflow to run on PR activity now.

@Reni88
Copy link
Contributor Author

Reni88 commented Dec 15, 2023

Hello. Hoping someone is already reviewing this PR.

@dblock
Copy link
Collaborator

dblock commented Dec 15, 2023

@Reni88 can you please rebase so we can see CI/CD kick after @mreinstein's fix of the workflow file?

dblock
dblock reviewed Dec 15, 2023
View reviewed changes
package-lock.json Outdated
@@ -1,12 +1,12 @@
{
"name": "alexa-verifier-middleware",
"version": "2.0.1",
"version": "2.0.2",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we had released 2.0.2 before, so this should be 2.0.3, the next developer iteration.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had changes this to 2.0.3

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I need to update package.json and changeLog too?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@Reni88
Update version
335f2bc 
Update version of alexa-verifier-middleware in package-lock.json
@Reni88
Update version of package.json
aac6038
@Reni88
Update CHANGELOG.md
e8d52e3 
Remediates CVE-2021-3765 by updating validator package version
@tejashah88
Copy link
Member

@dblock LGTM! You may merge when ready.

@dblock
Copy link
Collaborator

dblock commented Dec 21, 2023

@tejashah88 you too :)

@dblock dblock merged commit a39d305 into alexa-js:master Dec 21, 2023
1 check passed
@Reni88
Copy link
Contributor Author

Reni88 commented Dec 22, 2023

As this is merged, @tejashah88 or @dblock , when can we expect it'll be updated in npmjs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dblock dblock dblock left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Reni88 @tejashah88 @mreinstein @dblock