Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #233

Closed
wants to merge 1 commit into from
Closed

[Snyk] Fix for 1 vulnerabilities #233

wants to merge 1 commit into from

Conversation

patternfly-build
Copy link

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • packages/demo-app-ts/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		   738  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@patternfly-build
Copy link
Author

Preview: https://react-topology-pr-topology-233.surge.sh

@jeff-phillips-18
Copy link
Member

@dlabaj Did you test this when you approved? I have not yet but would like to make sure there are no issues prior to merge.

@dlabaj
Copy link
Contributor

dlabaj commented Feb 19, 2025

@jeff-phillips-18 Approved it last September and can't remember i would retest it again.

@jenny-s51 jenny-s51 self-requested a review February 19, 2025 14:19
dlabaj
dlabaj requested changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@dlabaj dlabaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to be retested before merging.

@jenny-s51 jenny-s51 mentioned this pull request Feb 19, 2025
Merged
7 tasks
jenny-s51
jenny-s51 reviewed Feb 19, 2025
View reviewed changes
Copy link
Collaborator

@jenny-s51 jenny-s51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested these version bumps for react-router and react-router-dom to v6 in the demo-app locally. Encountered build errors related to deprecated components in react-router, which have been renamed in v6. Closing this in favor of #275 which includes these updates.

@jenny-s51 jenny-s51 closed this Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jenny-s51 jenny-s51 jenny-s51 left review comments

@dlabaj dlabaj dlabaj requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@patternfly-build @jeff-phillips-18 @dlabaj @jenny-s51 @snyk-bot