Skip to content

[chore] address security-related issues & bump shelljs #1001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kelset merged 5 commits into from
Feb 3, 2022
Merged

[chore] address security-related issues & bump shelljs #1001

kelset merged 5 commits into from
Feb 3, 2022

Conversation

@kelset
Copy link

@kelset kelset commented Feb 1, 2022
edited
Loading

Please select one of the following

  • I am removing an existing difference between facebook/react-native and microsoft/react-native-macos 👍
  • I am cherry-picking a change from Facebook's react-native into microsoft/react-native-macos 👍
  • I am making a fix / change for the macOS implementation of react-native
  • I am making a change required for Microsoft usage of react-native

Summary

While taking care of the dependabots alert, I noticed that the repo was in a bit of a weird state and there were a few extra yarn.lock that should have not been there in the first place (because the packages are part of the workspace as per root package.json). This would result in dependabot still analizing them and creating "false" alarms against stale files.

While doing so, I've also taken care of one of the last few alerts that were open about shelljs; we could wait for it to land in main upstream (see facebook#33001) but since it's potentially relevant I decided to do it.

Test Plan

CI passes

@kelset kelset requested a review from a team as a code owner February 1, 2022 14:36
@kelset kelset force-pushed the kelset/security-versions-bumps branch from 9688121 to 4409fbb Compare February 2, 2022 13:07
@kelset kelset force-pushed the kelset/security-versions-bumps branch from 4409fbb to 6879dcd Compare February 3, 2022 10:21
@kelset kelset merged commit f794feb into main Feb 3, 2022
@kelset kelset deleted the kelset/security-versions-bumps branch February 3, 2022 12:10
amgleitman pushed a commit to amgleitman/react-native-macos that referenced this pull request Apr 8, 2022
@kelset @amgleitman
[chore] address security-related issues & bump shelljs (microsoft#1001)
e08db16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Saadnajmi Saadnajmi Saadnajmi approved these changes

+1 more reviewer

@HeyImChris HeyImChris HeyImChris approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kelset @Saadnajmi @HeyImChris