-
Notifications
You must be signed in to change notification settings - Fork 906
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 #2166
Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 #2166
Conversation
Signed-off-by: CCongWang <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #2166 +/- ##
=======================================
Coverage 66.55% 66.55%
=======================================
Files 3170 3170
Lines 60318 60318
Branches 9181 9181
=======================================
+ Hits 40142 40146 +4
+ Misses 17983 17980 -3
+ Partials 2193 2192 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
package.json
Outdated
@@ -370,7 +370,7 @@ | |||
"exit-hook": "^2.2.0", | |||
"fetch-mock": "^7.3.9", | |||
"fp-ts": "^2.3.1", | |||
"geckodriver": "^3.0.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can backport it if we just handle it resolution
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can keep all the resolutions
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2166-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 06abe83e0180f391a84c742cf5594866bc747ea2
# Push it to GitHub
git push --set-upstream origin backport/backport-2166-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x Then, create a pull request where the |
…rch-project#2166) * Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 Signed-off-by: CCongWang <[email protected]> * Revert change to package.json * Update yarn.lock Signed-off-by: CCongWang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]>
…2397) * Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 Signed-off-by: CCongWang <[email protected]> * Revert change to package.json * Update yarn.lock Signed-off-by: CCongWang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]> Signed-off-by: CCongWang <[email protected]> Co-authored-by: Cong Wang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]>
…2397) * Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 Signed-off-by: CCongWang <[email protected]> * Revert change to package.json * Update yarn.lock Signed-off-by: CCongWang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]> Signed-off-by: CCongWang <[email protected]> Co-authored-by: Cong Wang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]> (cherry picked from commit 3aacdc3)
…2397) (#2405) * Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 * Revert change to package.json * Update yarn.lock Signed-off-by: CCongWang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]> Co-authored-by: Cong Wang <[email protected]> (cherry picked from commit 3aacdc3)
…rch-project#2166) * Upgrade geckodriver to 3.0.2 to partially fix CVE-2022-33987 Signed-off-by: CCongWang <[email protected]> * Revert change to package.json * Update yarn.lock Signed-off-by: CCongWang <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Ashwin P Chandran <[email protected]> Co-authored-by: Josh Romero <[email protected]> Signed-off-by: Sergey V. Osipov <[email protected]>
Signed-off-by: CCongWang [email protected]
Description
Upgrade geckodriver to 3.0.2 to use [email protected], which partially fix CVE-2022-33987
Issues Resolved
#1764
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr