Update several dependencies #339
Signed-off-by: Tyler Ohlsen <[email protected]>
Cypress tests failed, I'm unsure why JS 3.0 is now unavailable as the previous merged PR worked just fine:
Codecov Report
@@ Coverage Diff @@
## main #339 +/- ##
=======================================
Coverage 52.04% 52.04%
=======================================
Files 147 147
Lines 5015 5015
Branches 965 965
=======================================
Hits 2610 2610
Misses 2148 2148
Partials 257 257
This is due to the latest build not including JS because of some broken builds caused by opensearch-project/anomaly-detection#713. That issue needs to be addressed, and then later builds may include all plugins, including JS, when we can then retry the workflow.
Are we trying to include this in 2.4? Or is it okay to wait for AD fix so CI passes here?
We can wait for the AD fix. Not needed in 2.4.
It will be fixed in opensearch-project/anomaly-detection#714, and then after some time once the infra builds have AD and JS we can re-run CI here.
opensearch-project/sql#1065 is still blocking a 3.0 build.
3.0 is consistently failing still - will go ahead and merge and re-run CI once there is an available build.
Signed-off-by: Tyler Ohlsen <[email protected]> (cherry picked from commit a2474d6)
Signed-off-by: Tyler Ohlsen [email protected]
Description
Updates several dependencies to resolve CVEs
ansi-regex
glob-parent
loader-utils
Note that these all come from upstream core Dashboards. They have been patched by adding them in a `resolutions` field in `package.json`, which forces dependencies of all versions to resolve to a version that is patched. I've copied the versions directly from core Dashboards' package.json for version parity and to guarantee we have patched the CVEs for these. After updating `package.json`, I ran `yarn osd bootstrap` to update the lockfile.

We only need to backport to `2.x` such that the next releases will have these patches.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
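A way to confirm that a `resolutions` override like the one described above took effect is to scan the regenerated lockfile for any copy of the pinned packages that still resolves below the patched floor. This is an added example, not code from this PR or the project; the function names are hypothetical, and the minimum versions and lockfile fragments are constructed sample values (take real floors from the advisories).

```javascript
// Constructed sample floors; replace with the versions named in the advisories.
const MINIMUMS = { 'ansi-regex': '5.0.1', 'glob-parent': '6.0.1', 'loader-utils': '2.0.4' };

// Parse yarn.lock (v1 format) text into [{ name, specifiers, version }].
function parseYarnLock(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Entry header: comma-separated "name@range" specifiers, optionally quoted.
      const specifiers = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      // Scoped names begin with "@", so look for the separator after index 0.
      const name = specifiers[0].slice(0, specifiers[0].indexOf('@', 1));
      entries.push({ name, specifiers, version: null });
    } else if (entries.length) {
      // The entry's own version field is indented by exactly two spaces.
      const m = /^ {2}version "([^"]+)"/.exec(line);
      if (m) entries[entries.length - 1].version = m[1];
    }
  }
  return entries;
}

// Compare major.minor.patch numerically; pre-release suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// List every locked copy of a watched package that is below its floor.
function findUnpatched(lockText, minimums) {
  return parseYarnLock(lockText)
    .filter((e) => Object.prototype.hasOwnProperty.call(minimums, e.name) && e.version)
    .filter((e) => compareVersions(e.version, minimums[e.name]) < 0)
    .map((e) => `${e.name}@${e.version} (requested as ${e.specifiers.join(', ')})`);
}

// Constructed lockfile fragments: before and after a resolutions override.
const BEFORE = ['ansi-regex@^2.0.0:', '  version "2.1.1"', '', 'ansi-regex@^5.0.1:', '  version "5.0.1"', '',
  '"glob-parent@^3.1.0":', '  version "3.1.0"', '  dependencies:', '    is-glob "^3.1.0"'].join('\n');
const AFTER = ['ansi-regex@^2.0.0, ansi-regex@^5.0.1:', '  version "5.0.1"', '',
  '"glob-parent@^3.1.0", glob-parent@^6.0.1:', '  version "6.0.1"'].join('\n');

console.log('before:', findUnpatched(BEFORE, MINIMUMS));
console.log('after: ', findUnpatched(AFTER, MINIMUMS));
```

An empty list means every transitive request for the watched packages was collapsed onto a version at or above the floor; a non-empty list names the range that escaped the override.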