Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cmd-socketio-server): fix Prototype Pollution in nconf #2685

Closed
wants to merge 0 commits into from
Closed

fix(cmd-socketio-server): fix Prototype Pollution in nconf #2685

wants to merge 0 commits into from

Conversation

petermetz
Copy link
Contributor

Depends on #2562 - build(deps): fix npm (grpc) build on NodeJS v20.4.0

Fixes #2684

Signed-off-by: Peter Somogyvari [email protected]

@petermetz petermetz enabled auto-merge (rebase) September 11, 2023 21:24
@sandeepnRES
Copy link
Contributor

Is this PR not supposed to be merged unless #2562 is closed?

@petermetz
Copy link
Contributor Author

Is this PR not supposed to be merged unless #2562 is closed?

@sandeepnRES Correct. The robot is enforcing that via the Depends on $SOME_ISSUE_LINK declaration in the PR description on top. This is how it blocks it via the CI checks:
image

@petermetz petermetz force-pushed the petermetz/issue2684 branch from cadc38c to 850e712 Compare October 16, 2023 21:50
@petermetz petermetz disabled auto-merge October 16, 2023 21:50
@github-actions
Copy link

This PR/issue depends on:

@petermetz petermetz closed this Oct 18, 2023
@petermetz petermetz force-pushed the petermetz/issue2684 branch from 850e712 to 71734b0 Compare October 18, 2023 01:34
@petermetz petermetz deleted the petermetz/issue2684 branch October 18, 2023 01:34
@petermetz
Copy link
Contributor Author

Turns out that the vulnerable versions of nconf were removed by one of the previous commits, so we are good to close this without merging (because there is no diff anymore)

@petermetz petermetz mentioned this pull request Nov 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandeepnRES sandeepnRES sandeepnRES approved these changes

@takeutak takeutak takeutak approved these changes

@izuru0 izuru0 Awaiting requested review from izuru0

@jagpreetsinghsasan jagpreetsinghsasan Awaiting requested review from jagpreetsinghsasan

@VRamakrishna VRamakrishna Awaiting requested review from VRamakrishna

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fix(cmd-socketio-server): fix Prototype Pollution in nconf
3 participants
@petermetz @sandeepnRES @takeutak