Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[All tasks] Resolve security alerts #341

Merged
merged 3 commits into from
May 11, 2022
Merged

[All tasks] Resolve security alerts #341

merged 3 commits into from
May 11, 2022

Conversation

alexander-smolyakov
Copy link
Contributor

Task name:

Description:
This PR should address several high and critical security alerts. The list of updated dependencies:

  • minimist: ^1.2.5" -> ^1.2.6
  • mocha: 6.1.4 -> ^9.2.2 (Note: it's not possible to bump to 10.0.0 version since Node14 is required)
  • tfx-cli: 0.10.0 -> ^0.11.0
  • tslint: 3.15.1 -> ^5.20.1

Changelog:

  • Applied npm audit fix command to update minimist and tfx-cli dependencies;
  • tslint updated up to 5.20.1;
  • tslint.json files were updated to remove unsupported linter rules;
  • Removed deprecated tslint rules;
  • mocha updated up to 9.2.2;
  • Applied npm update mkdirp --depth 2 command to resolve security alerts with minimist;

List of removed tslint rules:

  • label-undefined
  • no-duplicate-key
  • no-unreachable
  • no-unused-variable
  • no-use-before-declare

Documentation changes required: No

Added unit tests: No

Attached related issue: No

What testing was done:

  • All make commands were tested locally (build / test / create) all works as expected

Checklist:

  • Checked that applied changes work as expected

@alexander-smolyakov
Results of npm audit fix command
8ac5f2a
@alexander-smolyakov
Update tslint dependencies
93aa1bf 
Changelog:

- `tslint` updated up to `5.20.1`
- Removed deprecated `tslint` rules

List of removed rules:
- `label-undefined`
- `no-duplicate-key`
- `no-unreachable`
- `no-unused-variable`
- `no-use-before-declare`
@alexander-smolyakov
Update mocha dependency
ab42372 
- Bump `mocha` to `9.2.2`
- Run `npm update mkdirp --depth 2` command
anatolybolshakov
anatolybolshakov approved these changes May 4, 2022
View reviewed changes
Copy link
Contributor

@anatolybolshakov anatolybolshakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@KonstantinTyukalov KonstantinTyukalov requested a review from mmrazik May 7, 2022 17:32
@KonstantinTyukalov KonstantinTyukalov merged commit 8d3f54f into microsoft:master May 11, 2022
@alexander-smolyakov alexander-smolyakov deleted the users/alexander-smolyakov/fix213_resolve_remaining_security_alerts branch May 12, 2022 10:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KonstantinTyukalov KonstantinTyukalov KonstantinTyukalov approved these changes

@anatolybolshakov anatolybolshakov anatolybolshakov approved these changes

@mmrazik mmrazik mmrazik approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexander-smolyakov @mmrazik @anatolybolshakov @KonstantinTyukalov