You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/05/11 23:45:49 UTC

[GitHub] [airflow] ryanahamilton opened a new pull request #15784: Bump stylelint to remove vulnerable sub-dependency

ryanahamilton opened a new pull request #15784:
URL: https://github.com/apache/airflow/pull/15784


   Bumping `stylelint` to a version that has removed the vulnerable dependency.
   
   CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7753
   
   https://snyk.io/vuln/SNYK-JS-TRIM-1017038
   
   Replaces #15782.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ryanahamilton commented on pull request #15784: Bump stylelint to remove vulnerable sub-dependency

Posted by GitBox <gi...@apache.org>.

ryanahamilton commented on pull request #15784:
URL: https://github.com/apache/airflow/pull/15784#issuecomment-839319141


   Stylelint check passed in the static checks. Other failures are unrelated. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ryanahamilton merged pull request #15784: Bump stylelint to remove vulnerable sub-dependency

Posted by GitBox <gi...@apache.org>.

ryanahamilton merged pull request #15784:
URL: https://github.com/apache/airflow/pull/15784


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] github-actions[bot] commented on pull request #15784: Bump stylelint to remove vulnerable sub-dependency

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on pull request #15784:
URL: https://github.com/apache/airflow/pull/15784#issuecomment-839294968


   The PR is likely OK to be merged with just subset of tests for default Python and Database versions without running the full matrix of tests, because it does not modify the core of Airflow. If the committers decide that the full tests matrix is needed, they will add the label 'full tests needed'. Then you should rebase to the latest master or amend the last commit of the PR, and push it with --force-with-lease.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org