chore(carbon-accounting): fix CVE-2022-25881 CVE-2021-39167 #3146

Merged

@aldousalvarez aldousalvarez commented Mar 26, 2024

Commit to be reviewed


examples(carbon-accounting):fix CVE-2022-25881 CVE-2021-39167

Primary Changes
----------------
1. Modified the Dockerfile to use the updated versions 
   of the packages being used
2. Modified the supervisord.conf to use the correct path
   because it has changed after updating the versions

Fixes #2062

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficiently and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when, and why.
  • Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

@petermetz petermetz left a comment

@aldousalvarez Please specify in the commit subject and the PR title the top 1 or 2 CVEs that are being addressed by the pull request so that it is as unique as possible within the 72 characters limit.

@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2062 branch 2 times, most recently from f0107af to 8665694 Compare April 2, 2024 05:55
@aldousalvarez aldousalvarez changed the title from "fix(security): vulnerabilities found in example-carbon-accounting" to "examples(carbon-accounting):fix CVE-2022-25881 CVE-2021-39167" Apr 2, 2024

aldousalvarez commented Apr 2, 2024

> @aldousalvarez Please specify in the commit subject and the PR title the top 1 or 2 CVEs that are being addressed by the pull request so that it is as unique as possible within the 72 characters limit.

@petermetz Already updated it with the top 2 CVEs that are being addressed by this pull request. With this fix we can also close the issue #2718 because all the vulnerabilities are now fixed by this PR


outSH commented Apr 2, 2024

@aldousalvarez Run yarn install to update the lock file to fix the CI

@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2062 branch from 8665694 to 6f1f1cc Compare April 3, 2024 05:14
@aldousalvarez aldousalvarez changed the title from "examples(carbon-accounting):fix CVE-2022-25881 CVE-2021-39167" to "examples(carbon-accounting): fix CVE-2022-25881 CVE-2021-39167" Apr 3, 2024
@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2062 branch from 6f1f1cc to eeceff4 Compare April 3, 2024 05:16

@petermetz petermetz left a comment

@aldousalvarez We are almost there! Please fix the PR lint check that currently is failing and also make sure to rebase onto upstream/main because there are some fixes in there that you'll need to have the build passing in general.

Primary Changes
----------------
1. Modified the Dockerfile to use the updated versions
   of the packages being used
2. Modified the supervisord.conf to use the correct path
   because it has changed after updating the versions

Fixes hyperledger-cacti#2062

Signed-off-by: aldousalvarez <[email protected]>
@aldousalvarez aldousalvarez force-pushed the aldousalvarez/issue2062 branch from eeceff4 to c0df430 Compare April 5, 2024 07:39
@aldousalvarez aldousalvarez changed the title from "examples(carbon-accounting): fix CVE-2022-25881 CVE-2021-39167" to "chore(carbon-accounting): fix CVE-2022-25881 CVE-2021-39167" Apr 5, 2024
@aldousalvarez

@petermetz already fixed it, PR lint check is now passing and is up to date with the upstream/main

@aldousalvarez aldousalvarez requested a review from petermetz April 5, 2024 07:44
@petermetz petermetz merged commit e8d56e0 into hyperledger-cacti:main Apr 5, 2024
132 of 143 checks passed
@petermetz petermetz deleted the aldousalvarez/issue2062 branch April 5, 2024 18:14
Successfully merging this pull request may close these issues.

fix(security): vulnerabilities found in example-carbon-accounting