You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@helix.apache.org by "helix-bot (via GitHub)" <gi...@apache.org> on 2023/05/04 19:48:20 UTC

[GitHub] [helix] helix-bot opened a new pull request, #2479: specify vm2 at least 3.9.17 in helix-front package.resolutions

helix-bot opened a new pull request, #2479:
URL: https://github.com/apache/helix/pull/2479

   ### Description
   
   <!-- Write a concise description: "what?, why?, how?" and then add some details about this PR, including screenshots of any UI changes -->
   
   <!-- This PR fixes this Helix issue & includes the Helix issue in the PR description. Link your issue number here: You can write `Fix #123`.  See https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue -->
   
   This PR specifies a version of the library vm2 of at least version 3.9.17 in the helix-front package.resolutions in order to fix the upstream vm2 vulnerability present in vm2@3.9.14 and prior. 
   
   See issue #2474 for details.
   
   Fix #2474 
   
   ### Tests
   
   New unit or integration tests:
   ```
   yarn install
   ```
   
   <details>
   
   ### Code Style
   
   <!-- Ensure the PR diff has been formatted using [Prettier](https://prettier.io) -->
   
   Formatted using [Prettier](https://prettier.io)
   
   ### Commits
   
   - My commits all reference appropriate Apache Helix GitHub issues in their subject lines. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)"
   
   ### Changes that Break Backward Compatibility (Optional)
   
   - [ ] My PR contains changes that break backward compatibility or previous assumptions for certain methods or API. They include: -->
   
   <!-- Consider including all behavior changes for public methods or API. Also include these changes in merge description so that other developers are aware of these changes. This allows them to make relevant code changes in feature branches accounting for the new method or API behavior. -->
   
   ### Documentation (Optional)
   
   - [ ] In case of new functionality, my PR adds documentation in the following wiki page: -->
   
   <!-- Link the GitHub wiki you added -->
   
   </details>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org

[GitHub] [helix] junkaixue merged pull request #2479: specify vm2 at least 3.9.17 in helix-front package.resolutions

Posted by "junkaixue (via GitHub)" <gi...@apache.org>.

junkaixue merged PR #2479:
URL: https://github.com/apache/helix/pull/2479


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org

[GitHub] [helix] helix-bot commented on pull request #2479: specify vm2 at least 3.9.17 in helix-front package.resolutions

Posted by "helix-bot (via GitHub)" <gi...@apache.org>.

helix-bot commented on PR #2479:
URL: https://github.com/apache/helix/pull/2479#issuecomment-1535480466

   Thanks for the review @hivivo 🙏 
   
   This PR is ready to be merged, approved by @hivivo 
   Final commit message:
   ##  specify vm2 at least 3.9.17 in helix-front package.resolutions (#2474 )


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org

[GitHub] [helix] helix-bot commented on pull request #2479: specify vm2 at least 3.9.17 in helix-front package.resolutions

Posted by "helix-bot (via GitHub)" <gi...@apache.org>.

helix-bot commented on PR #2479:
URL: https://github.com/apache/helix/pull/2479#issuecomment-1535326241

   @somecodemokey @cliffordfajardo @hivivo would appreciate a review for this one 🙏 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org