Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump: adal-node to 0.2.2 #3705

Merged
merged 1 commit into from
May 24, 2021
Merged

bump: adal-node to 0.2.2 #3705

merged 1 commit into from
May 24, 2021

Conversation

joshgummersall
Copy link
Contributor

Fixes #3704

@joshgummersall joshgummersall requested a review from stevengum as a code owner May 20, 2021 17:27
@coveralls
Copy link

coveralls commented May 20, 2021
edited
Loading

Pull Request Test Coverage Report for Build 861252474

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.003%) to 85.338%
Totals Coverage Status
Change from base Build 858620579: -0.003%
Covered Lines: 19233
Relevant Lines: 21433
💛 - Coveralls

@mdrichardson
Copy link
Contributor

Bump here, while we're at it?

@joshgummersall
Copy link
Contributor Author

I thought about it, but 1) it's a more significant version bump that I don't really know how to test, and 2) we don't publish the package (it's only consumed by botframework-connector via devDependencies). My goal is to remove the tools/ sub-tree entirely as soon as we get around to removing it from botframework-connector tests. I think it's only relied on for some logic-heavy nock tests.

@stevengum stevengum merged commit 5c7e1c5 into main May 24, 2021
@stevengum stevengum deleted the jpg/bump-adal-node-dep branch May 24, 2021 20:19
@gbartlett
Copy link

Thanks for doing this guys! I'm trying to finish a security vulnerability ticket for my company and would like to report when you are planning to do a new release for the 4.13.4 tag? When I update botframework-connector to 4.13.4 in my package.json it's still pulling in [email protected]. Thanks again 😄

joshgummersall added a commit that referenced this pull request May 26, 2021
@joshgummersall
bump: adal-node to 0.2.2 (#3705)
e14eeba 
Fixes #3704
joshgummersall added a commit that referenced this pull request May 27, 2021
@joshgummersall
cherrypick: changes for 4.13.5 (#3711)
0ee95d2 
* fix: named pipe issues (#3627)

* fix: named pipe issues

- Remove unnecessary autoReconnect logic
- Simplify connection management
- Properly support client reconnection to incoming/outgoing servers

* fix: PR comments, failing tests

* fix: "lock" sockets to mitigate split brain

* test: no split brain

* fix: reject listening only if server is listening

* fix: naming for clarity

* fix: clarify onListen doc string

* feat: retry helper, use for named pipes

* fix: handle retry edge cases

* bump: adal-node to 0.2.2 (#3705)

Fixes #3704

* fix: ignore node_modules declarative assets (#3709)

See microsoft/BotFramework-Composer#7916 for details.
@joshgummersall
Copy link
Contributor Author

@gbartlett 4.13.5 is now available on npm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevengum stevengum stevengum approved these changes

@mdrichardson mdrichardson mdrichardson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security Vulnerability with adal-node dependency in botframework-connector
5 participants
@joshgummersall @coveralls @mdrichardson @gbartlett @stevengum