
Bump up the formidable package version. #10434

Closed
wants to merge 2 commits into from
Conversation

arikt-ms (Contributor)

Bump up the "formidable" package version to address a vulnerability issue

Description

The currently used version of "formidable" package has a vulnerability bug which has been fixed in the latest version (3.2.4). Bumping up the version to the latest to address the vulnerability issue.

Steps to Reproduce Bug and Validate Solution

Only applicable if the work is to address a bug. Please remove this section if the work is for a feature or story
Provide details on the environment the bug is found, and detailed steps to recreate the bug.
This should be detailed enough for a team member to confirm that the bug no longer occurs

PR Checklist

Use the check-list below to ensure your branch is ready for PR. If the item is not applicable, leave it blank.

  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code follows the code style of this project.
  • I ran the lint checks which produced no new errors nor warnings for my changes.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.

Does this introduce a breaking change?

  • Yes
  • No

If this introduces a breaking change, please describe the impact and migration path for existing applications below.

Testing

  • Instructions for testing and validation of your code so the reviewer can follow those steps and validate code works as expected

Any relevant logs or outputs

  • Use this section to provide either screenshots or output of logs as code snippets

Other information or known dependencies

  • Any other information or known dependencies that are important to this PR.
  • TODOs that are to be done after this PR.

@arikt-ms arikt-ms requested review from msfluid-bot and a team as code owners May 26, 2022 00:44
@github-actions github-actions bot added labels "area: server" (Server related issues (routerlicious)), "dependencies" (Pull requests that update a dependency file) and "base: main" (PRs targeted against main branch) May 26, 2022

@hedasilv hedasilv (Contributor) left a comment

The change looks good to me! I would just recommend waiting for @znewton 's review as well since it seems formidable is used in the RestLess Server implementation, added by Zach.

@znewton znewton (Contributor) left a comment

It looks like formidable@3.0.0 removed the "multiples" option, which we use. However, I think they removed it in a way that works for us. Otherwise, looks like no breaking changes. Would you mind removing { multiples: true } from line 103 of server/routerlicious/packages/services-shared/src/restLessServer.ts? Also, please bump @types/formidable to 2.0.5

Thanks, Arik!
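Since the review thread flags package-lock.json and the description pins the fix at formidable 3.2.4, here is an added check (not Fluid Framework code, not part of the PR) that walks a lockfile and reports every resolved copy of a package below the fixing version, including transitive copies that a direct bump can leave behind. The lockfile below is constructed for illustration; the lockfile v1/v2 layouts it reads are npm's documented formats.

```javascript
// Added example: find every resolved copy of a package in package-lock.json
// whose version is below the version that fixes the issue.
// Handles lockfile v1 (nested "dependencies") and v2/v3 ("packages" keyed by path).

function parseVersion(v) {
  // Accept an optional leading "v" or "="; prerelease/build tags are ignored for ordering.
  const m = /^[v=]?(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true; // an unparseable version is treated as unverified
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function findVulnerable(lock, name, fixedIn) {
  const hits = [];
  // v2/v3: every installed copy appears under "packages" by its node_modules path.
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (p.endsWith(`node_modules/${name}`) && meta.version && isBelow(meta.version, fixedIn)) {
      hits.push({ path: p, version: meta.version });
    }
  }
  // v1: copies live in a nested "dependencies" tree, so walk it recursively.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const p = `${prefix}node_modules/${dep}`;
      if (dep === name && meta.version && isBelow(meta.version, fixedIn)) {
        hits.push({ path: p, version: meta.version });
      }
      walk(meta.dependencies, `${p}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: the direct dependency is bumped, but a transitive copy is still old.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/formidable": { version: "3.2.4" },
    "node_modules/some-middleware/node_modules/formidable": { version: "2.0.1" },
  },
};

console.log(findVulnerable(sampleLock, "formidable", "3.2.4"));
```

Run against the real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))`; an empty result means no copy below 3.2.4 remains.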

Review comment on package-lock.json (outdated, resolved)
@arikt-ms arikt-ms requested a review from a team as a code owner May 26, 2022 22:14
@znewton znewton mentioned this pull request May 27, 2022
@znewton znewton (Contributor) commented May 27, 2022

Closing in favor of #10451 , thanks Arik for working with me on this!

@znewton znewton closed this May 27, 2022