
Npm Indirect Vulnerabilities Fixes #324

Closed
wants to merge 103 commits into from

Conversation

EyalDelarea
Contributor

@EyalDelarea EyalDelarea commented May 2, 2023

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

Npm Indirect Vulnerabilities Fixes

This update attempts to fix indirect vulnerabilities in npm.
There are some preconditions that must be met before it can happen; if a precondition fails, a fix won't be suggested.

Preconditions:

  1. Package-lock file version 3 (The lockfile version used by npm v9. Backwards compatible to npm v7)
  2. Semantic version range should match the fix version:
     Example: ^1.2.3 -> 1.2.4 is valid
     1.2.3 -> cannot be updated

When fixing an indirect dependency in npm, the PR should contain changes only to the package-lock file.
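The two preconditions above (lockfile version 3, and a declared range that admits the fix version) can be checked directly against package-lock.json. The following Go program is an added example written for this page, not Frogbot's own code: it reads a constructed lockfileVersion 3 file, finds every entry that declares a dependency on the vulnerable package, and only reports the package as fixable when each of those declared ranges admits the fix version. Range handling goes slightly beyond the description's two examples by implementing npm's caret rule for 0.x versions as well; anything other than an exact version or a caret range is rejected so no fix is suggested on an unverified range. The package names and versions in the sample lockfile are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// lockfile models only the lockfileVersion 3 fields the check reads; the JSON keys are npm's real ones.
type lockfile struct {
	LockfileVersion int                    `json:"lockfileVersion"`
	Packages        map[string]lockPackage `json:"packages"`
}

type lockPackage struct {
	Version      string            `json:"version"`
	Dependencies map[string]string `json:"dependencies"`
}

type semver struct{ major, minor, patch int }

// parseSemver reads MAJOR.MINOR.PATCH, dropping any -prerelease or +build suffix.
func parseSemver(s string) (semver, error) {
	s = strings.TrimSpace(s)
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return semver{}, fmt.Errorf("bad component %q in %q", p, s)
		}
		n[i] = v
	}
	return semver{n[0], n[1], n[2]}, nil
}

func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// RangeAllows reports whether a declared npm range admits candidate. Exact versions
// and caret ranges are supported; any other syntax is an error, so the caller treats
// the package as not fixable rather than guessing.
func RangeAllows(rng, candidate string) (bool, error) {
	cand, err := parseSemver(candidate)
	if err != nil {
		return false, err
	}
	rng = strings.TrimSpace(rng)
	if !strings.HasPrefix(rng, "^") {
		exact, err := parseSemver(rng)
		if err != nil {
			return false, fmt.Errorf("unsupported range syntax %q", rng)
		}
		return cand == exact, nil
	}
	lo, err := parseSemver(rng[1:])
	if err != nil {
		return false, err
	}
	// Caret keeps the left-most non-zero component fixed: ^1.2.3 < 2.0.0, ^0.2.3 < 0.3.0, ^0.0.3 < 0.0.4.
	hi := semver{lo.major + 1, 0, 0}
	if lo.major == 0 {
		hi = semver{0, lo.minor + 1, 0}
		if lo.minor == 0 {
			hi = semver{0, 0, lo.patch + 1}
		}
	}
	return !cand.less(lo) && cand.less(hi), nil
}

// FixableIndirect applies both preconditions to one vulnerable package. Dependents are found
// by scanning the "dependencies" map of every lockfile entry, so nested node_modules copies
// are covered; a package declared by the root entry ("") is direct and out of scope here.
func FixableIndirect(lockJSON []byte, name, fixVersion string) (bool, error) {
	var lf lockfile
	if err := json.Unmarshal(lockJSON, &lf); err != nil {
		return false, err
	}
	if lf.LockfileVersion != 3 {
		return false, fmt.Errorf("lockfileVersion %d is not supported, need 3", lf.LockfileVersion)
	}
	if _, direct := lf.Packages[""].Dependencies[name]; direct {
		return false, fmt.Errorf("%s is a direct dependency", name)
	}
	dependents := 0
	for path, pkg := range lf.Packages {
		rng, ok := pkg.Dependencies[name]
		if !ok {
			continue
		}
		dependents++
		allowed, err := RangeAllows(rng, fixVersion)
		if err != nil {
			return false, fmt.Errorf("%s: %w", path, err)
		}
		if !allowed {
			return false, fmt.Errorf("%s declares %s %s, which excludes %s", path, name, rng, fixVersion)
		}
	}
	if dependents == 0 {
		return false, fmt.Errorf("no lockfile entry depends on %s", name)
	}
	return true, nil
}

// sampleLock is a constructed lockfileVersion 3 fragment; all names and versions are made up.
const sampleLock = `{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "web-framework": "^2.0.0", "pinned-lib": "4.0.0" } },
    "node_modules/web-framework": { "version": "2.0.1", "dependencies": { "parser-lib": "^1.2.3" } },
    "node_modules/parser-lib": { "version": "1.2.3" },
    "node_modules/pinned-lib": { "version": "4.0.0", "dependencies": { "other-lib": "3.1.0" } },
    "node_modules/other-lib": { "version": "3.1.0" }
  }
}`

func main() {
	for _, c := range []struct{ name, fix string }{{"parser-lib", "1.2.4"}, {"parser-lib", "2.0.0"}, {"other-lib", "3.1.1"}} {
		ok, err := FixableIndirect([]byte(sampleLock), c.name, c.fix)
		fmt.Printf("%s -> %s: fixable=%v (%v)\n", c.name, c.fix, ok, err)
	}
}
```

In the sample, parser-lib is reachable only through web-framework's `^1.2.3`, so 1.2.4 is fixable while 2.0.0 is not, and other-lib is pinned to exactly 3.1.0 by pinned-lib, so no fix is suggested for it. Updating the lockfile entry itself (its `version`, `resolved` and `integrity` fields) is left to npm, which is consistent with the PR only touching package-lock.json.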

@EyalDelarea EyalDelarea marked this pull request as ready for review May 22, 2023 15:04
@EyalDelarea EyalDelarea added the safe to test Approve running integration tests on a pull request label May 22, 2023
@EyalDelarea EyalDelarea requested a review from eyalbe4 May 22, 2023 15:04
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label May 22, 2023
@github-actions
Contributor

What is Frogbot?

@EyalDelarea EyalDelarea removed the request for review from eyalbe4 June 1, 2023 13:04
@EyalDelarea EyalDelarea marked this pull request as draft June 22, 2023 07:38
Labels: new feature