You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/02/11 18:33:47 UTC

[GitHub] [airflow] bbovenzi opened a new pull request #21526: Fix all High Severity npm vulnerabilities

bbovenzi opened a new pull request #21526:
URL: https://github.com/apache/airflow/pull/21526


   I went through `yarn audit` on `airflow/www` again and found a number of vulnerabilities that we can fix easily with updates, resolutions or removing that package. Some other fixes would require more work to migrate to a major version change or to remove entirely.
   
   |Before |After |
   --- | --- |
   |<img width="349" alt="Screen Shot 2022-02-11 at 1 26 06 PM" src="https://user-images.githubusercontent.com/4600967/153649162-911b1898-864a-45bf-9c56-9a9d3b1dd1ad.png">|<img width="352" alt="Screen Shot 2022-02-11 at 1 13 41 PM" src="https://user-images.githubusercontent.com/4600967/153649382-13853548-1725-418b-8e3f-5590d3e07428.png">|
   
   
   ---
   **^ Add meaningful description above**
   
   Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/main/UPDATING.md).
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on a change in pull request #21526: Fix all High Severity npm vulnerabilities

Posted by GitBox <gi...@apache.org>.

potiuk commented on a change in pull request #21526:
URL: https://github.com/apache/airflow/pull/21526#discussion_r804948038



##########
File path: airflow/www/jest-setup.js
##########
@@ -20,9 +20,6 @@
  */
 
 import '@testing-library/jest-dom';
-import { enableFetchMocks } from 'jest-fetch-mock';
-
-enableFetchMocks();

Review comment:
       Any `leftpad` around :smile:  ? 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] github-actions[bot] commented on pull request #21526: Fix all High Severity npm vulnerabilities

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on pull request #21526:
URL: https://github.com/apache/airflow/pull/21526#issuecomment-1036549103


   The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest main or amend the last commit of the PR, and push it with --force-with-lease.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] bbovenzi commented on a change in pull request #21526: Fix all High Severity npm vulnerabilities

Posted by GitBox <gi...@apache.org>.

bbovenzi commented on a change in pull request #21526:
URL: https://github.com/apache/airflow/pull/21526#discussion_r804909942



##########
File path: airflow/www/jest-setup.js
##########
@@ -20,9 +20,6 @@
  */
 
 import '@testing-library/jest-dom';
-import { enableFetchMocks } from 'jest-fetch-mock';
-
-enableFetchMocks();

Review comment:
       I realized that we could just mock this call ourselves and we didn't need this package.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk merged pull request #21526: Fix all High Severity npm vulnerabilities

Posted by GitBox <gi...@apache.org>.

potiuk merged pull request #21526:
URL: https://github.com/apache/airflow/pull/21526


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org