[universal] Update npm due to GHSA-c2qf-rxjj-qqgw by alexander-smolyakov · Pull Request #700 · devcontainers/images

alexander-smolyakov · 2023-08-10T15:46:58Z

Dev container name:

universal

Description:

This PR addresses the GHSA-c2qf-rxjj-qqgw vulnerability. The vulnerability is related to the smever package. This package is a dependency for npm shipped with Node v18.17.0.

Changelog:

Bumped npm to the 9.8.1 version;
Added test to verify npm version;

Other changes:

Locked the dotnet version to resolve the issue with Oryx;
The patch-python feature updated:
- Removed the setuptools patch for Python 3.10 since not required anymore;
- Locked versions for packages;

Checklist:

Checked that applied changes work as expected

- Remove `setuptools` patch for Python 3.10 since not required anymore; - Lock versions for packages;

…3.10

This reverts commit 6ddb26b.

This reverts commit eb2d238.

This reverts commit 9447967.

…update-npm-version

alexander-smolyakov added 3 commits August 10, 2023 19:26

Lock dotnet version to resolve issue with Oryx

6323606

Update patch-python feature

067f004

- Remove `setuptools` patch for Python 3.10 since not required anymore; - Lock versions for packages;

Add patch for GHSA-c2qf-rxjj-qqgw

3de9207

alexander-smolyakov requested a review from a team as a code owner August 10, 2023 15:46

alexander-smolyakov added 3 commits August 10, 2023 20:32

Fix tests

cacc9bc

Update manifest.json

2432c4a

Update tests

907b285

samruddhikhandale reviewed Aug 10, 2023

View reviewed changes

Comment thread src/universal/.devcontainer/local-features/patch-python/install.sh

Comment thread src/universal/.devcontainer/local-features/setup-user/install.sh Outdated

Comment thread src/universal/test-project/test.sh

alexander-smolyakov added 2 commits August 11, 2023 12:56

Resolve review comment: Lock setuptools package version for Python …

0d0c6dd

…3.10

Reworked patch

a19202c

alexander-smolyakov requested a review from samruddhikhandale August 11, 2023 09:50

alexander-smolyakov added 9 commits August 11, 2023 14:03

Test: Update PIP for Python 3.10

6ddb26b

Revert "Test: Update PIP for Python 3.10"

4556bab

This reverts commit 6ddb26b.

Test: Update Python

eb2d238

Revert "Test: Update Python"

2a6d9b5

This reverts commit eb2d238.

Restart checks

b8923a4

test: Add trace commands

9447967

Revert "test: Add trace commands"

059fa06

This reverts commit 9447967.

Merge remote-tracking branch 'upstream/main' into GHSA-c2qf-rxjj-qqgw_…

8147ad2

…update-npm-version

Explicitly set useOryxIfAvailable to false

be073a8

alexander-smolyakov commented Aug 15, 2023

View reviewed changes

Comment thread src/universal/.devcontainer/devcontainer.json

samruddhikhandale approved these changes Aug 15, 2023

View reviewed changes

samruddhikhandale merged commit f60dd55 into devcontainers:main Aug 15, 2023

alexander-smolyakov deleted the GHSA-c2qf-rxjj-qqgw_update-npm-version branch August 16, 2023 05:49

samruddhikhandale mentioned this pull request Aug 16, 2023

v0.3.15 #705

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[universal] Update npm due to GHSA-c2qf-rxjj-qqgw#700

[universal] Update npm due to GHSA-c2qf-rxjj-qqgw#700
samruddhikhandale merged 17 commits intodevcontainers:mainfrom
alexander-smolyakov:GHSA-c2qf-rxjj-qqgw_update-npm-version

alexander-smolyakov commented Aug 10, 2023

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

alexander-smolyakov commented Aug 10, 2023

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants