Skip to content

Update underscore to 1.12.1#677

Merged
XiaoningLiu merged 1 commit intoAzure:masterfrom
HarshaNalluru:harshan/update-underscore
Apr 28, 2021
Merged

Update underscore to 1.12.1#677
XiaoningLiu merged 1 commit intoAzure:masterfrom
HarshaNalluru:harshan/update-underscore

Conversation

@HarshaNalluru
Copy link
Contributor

@HarshaNalluru HarshaNalluru commented Apr 6, 2021

Component Governance from DevOps complains of the underscore dependency in azure-sdk-for-js repo.

  • Pulled in by event-processor-host since it depends on azure-storage
  • Need to update underscore to ^1.12.1 to fix the problem

@coveralls
Copy link

coveralls commented Apr 6, 2021

Coverage Status

Coverage remained the same at 91.696% when pulling 35c3a76 on HarshaNalluru:harshan/update-underscore into 333c924 on Azure:master.

1 similar comment
@coveralls
Copy link

coveralls commented Apr 6, 2021

Coverage Status

Coverage remained the same at 91.696% when pulling 35c3a76 on HarshaNalluru:harshan/update-underscore into 333c924 on Azure:master.

@mhassan1 mhassan1 mentioned this pull request Apr 7, 2021
Closed
ramya-rao-a
ramya-rao-a reviewed Apr 9, 2021
View reviewed changes
package.json
"md5.js": "1.3.4",
"readable-stream": "~2.0.0",
"request": "^2.86.0",
"underscore": "~1.8.3",
Copy link
Contributor

@ramya-rao-a ramya-rao-a Apr 9, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@XiaoningLiu Do you recall any reason why ~ was used here instead of ^
Am wondering if us making this change will cause any issues

Copy link

@GuillermoBlanco GuillermoBlanco Apr 22, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ramya-rao-a , @XiaoningLiu , could we run some integration tests in order to validate this security fix?

goelankit
goelankit reviewed Apr 23, 2021
View reviewed changes
Copy link

@goelankit goelankit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the package version as well. We are looking to consume this change downstream as we are getting security alerts as well for this dependency.

@XiaoningLiu XiaoningLiu merged commit 126bbf6 into Azure:master Apr 28, 2021
@phawxby
Copy link

phawxby commented May 6, 2021

@XiaoningLiu without a package update this merge isn't helping anyone.

@joaomoreno
Copy link

joaomoreno commented May 7, 2021

@HarshaNalluru Let's release this.

@EmmaZhu
Copy link
Member

EmmaZhu commented May 7, 2021

Hi,
We are working on a release for this. Should be able to release it in the next two weeks.

Thanks
Emma

@bsegault
Copy link

bsegault commented May 7, 2021

@EmmaZhu @XiaoningLiu Can we help in any way to speed up the release?

@dpwatrous dpwatrous mentioned this pull request May 7, 2021
Merged
@HarshaNalluru HarshaNalluru deleted the harshan/update-underscore branch May 7, 2021 19:01
@lucioperca lucioperca mentioned this pull request May 8, 2021
Closed
@soulchild soulchild mentioned this pull request May 11, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EmmaZhu EmmaZhu EmmaZhu approved these changes

@XiaoningLiu XiaoningLiu XiaoningLiu approved these changes

+3 more reviewers

@GuillermoBlanco GuillermoBlanco GuillermoBlanco left review comments

@ramya-rao-a ramya-rao-a ramya-rao-a left review comments

@goelankit goelankit goelankit left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@HarshaNalluru @coveralls @phawxby @joaomoreno @EmmaZhu @bsegault @GuillermoBlanco @XiaoningLiu @ramya-rao-a @goelankit