Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce supply chain attacks vectors #2691

Merged
merged 4 commits into from
Dec 17, 2023
Merged

Reduce supply chain attacks vectors #2691

merged 4 commits into from
Dec 17, 2023

Conversation

tuyuribr
Copy link
Collaborator

@tuyuribr tuyuribr commented Dec 15, 2023
edited
Loading

PR Details

For some "smaller" dependencies we should hard-code specific versions to make it harder to make a supply chain attack

Types of changes

  • Dependency change
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

@tuyuribr
Reduce supply chain attacks vectors
c4537ec 
For some smallers dependencies we should hardcode specific versions to make it harder to make a supply chain attack
alechkos
alechkos reviewed Dec 15, 2023
View reviewed changes
package.json Outdated Show resolved Hide resolved
@alechkos alechkos enabled auto-merge (squash) December 15, 2023 22:06
@alechkos alechkos requested a review from aliyss December 16, 2023 16:13
shirser121
shirser121 approved these changes Dec 17, 2023
View reviewed changes
Copy link
Collaborator

@shirser121 shirser121 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, even we should update our dependencies

@alechkos alechkos merged commit 1e9b82b into main Dec 17, 2023
2 checks passed
@alechkos alechkos deleted the tuyuribr-patch-1 branch December 17, 2023 07:54
@chrishubert chrishubert mentioned this pull request Jul 1, 2024
Open
@steve-hb steve-hb mentioned this pull request Jul 1, 2024
Open
@dorndickence dorndickence mentioned this pull request Jul 1, 2024
Open
@ramonserrano76 ramonserrano76 mentioned this pull request Jul 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shirser121 shirser121 shirser121 approved these changes

@alechkos alechkos alechkos approved these changes

@aliyss aliyss Awaiting requested review from aliyss

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tuyuribr @shirser121 @alechkos