chore: Resolve vulnerabilities - express, path-to-regexp #3338

Merged
merged 3 commits into main from sshin/chore/vuln-express
Sep 30, 2024

Conversation

suejung-sentry
Contributor

@suejung-sentry suejung-sentry commented Sep 30, 2024

Resolve vulnerabilities related to express and path-to-regexp.

Closes:
path-to-regexp
https://github.com/codecov/internal-issues/issues/791
https://github.com/codecov/internal-issues/issues/790
https://github.com/codecov/internal-issues/issues/789

express
https://github.com/codecov/internal-issues/issues/788
https://github.com/codecov/internal-issues/issues/787
https://github.com/codecov/internal-issues/issues/786

Tested by spot-check confirming no regressions in the preview deploy pages


Here are the dependency chains

path-to-regexp

BEFORE

yarn why path-to-regexp
├─ express@npm:4.19.2
│  └─ path-to-regexp@npm:0.1.7 (via npm:0.1.7)
│
├─ msw@npm:1.3.3
│  └─ path-to-regexp@npm:6.2.2 (via npm:^6.2.0)
│
├─ msw@npm:2.4.8
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ msw@npm:1.3.3 [6563e]
│  └─ path-to-regexp@npm:6.2.2 (via npm:^6.2.0)
│
├─ msw@npm:2.4.8 [6563e]
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ react-router@npm:5.3.4
│  └─ path-to-regexp@npm:1.8.0 (via npm:^1.7.0)
│
└─ react-router@npm:5.3.4 [6563e]
   └─ path-to-regexp@npm:1.8.0 (via npm:^1.7.0)

AFTER

├─ express@npm:4.21.0
│  └─ path-to-regexp@npm:0.1.10 (via npm:0.1.10)
│
├─ msw@npm:1.3.3
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ msw@npm:2.4.8
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ msw@npm:1.3.3 [6563e]
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ msw@npm:2.4.8 [6563e]
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ react-router@npm:5.3.4
│  └─ path-to-regexp@npm:1.9.0 (via npm:^1.9.0)
│
└─ react-router@npm:5.3.4 [6563e]
   └─ path-to-regexp@npm:1.9.0 (via npm:^1.9.0)

Fix versions
[Screenshot 2024-09-30 at 1:27:09 PM]


express

BEFORE

├─ @storybook/builder-webpack5@npm:8.2.6
│  └─ express@npm:4.19.2 (via npm:^4.19.2)
│
├─ @storybook/builder-webpack5@npm:8.2.6 [b7782]
│  └─ express@npm:4.19.2 (via npm:^4.19.2)
│
├─ @storybook/core@npm:8.2.6
│  └─ express@npm:4.19.2 (via npm:^4.19.2)
│
├─ webpack-dev-server@npm:4.15.2
│  └─ express@npm:4.19.2 (via npm:^4.17.3)
│
└─ webpack-dev-server@npm:4.15.2 [37b33]
   └─ express@npm:4.19.2 (via npm:^4.17.3)

AFTER

yarn why express
├─ @storybook/builder-webpack5@npm:8.2.6
│  └─ express@npm:4.21.0 (via npm:^4.21.0)
│
├─ @storybook/builder-webpack5@npm:8.2.6 [b7782]
│  └─ express@npm:4.21.0 (via npm:^4.21.0)
│
├─ @storybook/core@npm:8.2.6
│  └─ express@npm:4.21.0 (via npm:^4.21.0)
│
├─ webpack-dev-server@npm:4.15.2
│  └─ express@npm:4.21.0 (via npm:^4.21.0)
│
└─ webpack-dev-server@npm:4.15.2 [37b33]
   └─ express@npm:4.21.0 (via npm:^4.21.0)

Fix version
[Screenshot 2024-09-30 at 1:28:09 PM]
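The dependency chains in the description are what a reviewer checks by eye for both packages. What follows is an added example, not code from this PR or from the codecov/gazebo repository: a Node script that parses `yarn why` tree output, compares every resolved version of path-to-regexp and express against a per-release-line minimum, and reports whether that minimum is reachable inside the range the dependent declares (so re-resolving the lockfile is enough) or whether the dependent itself has to move, as with express's exact pin of path-to-regexp 0.1.7 above. The minimums are an assumption taken from the AFTER trees in the description rather than from any advisory quoted on this page; the sample input is the BEFORE path-to-regexp tree from the description, abridged; only exact pins and caret ranges, the two forms that appear in the trees, are interpreted.

```javascript
'use strict';
// Added example, not code from this PR or the codecov/gazebo repository.
// Parses `yarn why` tree output and, for the packages tracked below, reports
// each resolved version that sits under a minimum, plus whether the declared
// range would let a lockfile re-resolution reach that minimum or whether the
// parent package itself must be upgraded.

// Assumption: minimum versions per release line are taken from the AFTER trees
// in the PR description; they are not quoted from an advisory on this page.
const FIX_VERSIONS = {
  'path-to-regexp': { '0.1': '0.1.10', '1': '1.9.0', '6': '6.3.0' },
  express: { '4': '4.21.0' },
};

// Constructed sample input: the BEFORE `yarn why path-to-regexp` tree from the
// PR description, abridged (the [6563e] msw variants are dropped).
const BEFORE_TREE = `yarn why path-to-regexp
├─ express@npm:4.19.2
│  └─ path-to-regexp@npm:0.1.7 (via npm:0.1.7)
│
├─ msw@npm:1.3.3
│  └─ path-to-regexp@npm:6.2.2 (via npm:^6.2.0)
│
├─ msw@npm:2.4.8
│  └─ path-to-regexp@npm:6.3.0 (via npm:^6.3.0)
│
├─ react-router@npm:5.3.4
│  └─ path-to-regexp@npm:1.8.0 (via npm:^1.7.0)
│
└─ react-router@npm:5.3.4 [6563e]
   └─ path-to-regexp@npm:1.8.0 (via npm:^1.7.0)`;

// One tree node: optional "│"/space indent, a branch glyph, name@npm:version,
// an optional "[hash]" variant marker and an optional "(via npm:<range>)".
const NODE_RE = /^([│ ]*)[├└]─ (\S+?)@npm:(\d+\.\d+\.\d+)(?: \[[0-9a-f]+\])?(?: \(via npm:(\S+)\))?/;

function parseYarnWhy(text) {
  const nodes = [];
  let parent = null;
  for (const line of text.split('\n')) {
    const m = NODE_RE.exec(line);
    if (!m) continue; // the command echo, bare "│" connectors, etc.
    const [, indent, name, version, range] = m;
    if (indent === '') parent = `${name}@${version}`; // a root (dependent) entry
    nodes.push({ parent: indent === '' ? null : parent, name, version, range: range || null });
  }
  return nodes;
}

// Numeric compare of x.y.z strings; returns -1, 0 or 1.
function cmpVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Minimum for the release line the version belongs to, or null if untracked.
function minimumFor(name, version) {
  const lines = FIX_VERSIONS[name];
  if (!lines) return null;
  const key = Object.keys(lines).find((k) => version.startsWith(k + '.'));
  return key ? lines[key] : null;
}

// Assumption: only the two range forms seen in the tree are handled, an exact
// pin ("0.1.7") and a caret range ("^6.2.0"); anything else returns null.
function rangeAllows(range, version) {
  if (!range) return null;
  if (/^\d+\.\d+\.\d+$/.test(range)) return range === version;
  const m = /^\^(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (!m) return null;
  const [maj, min] = [Number(m[1]), Number(m[2])];
  const base = m.slice(1).join('.');
  const [vMaj, vMin] = version.split('.').map(Number);
  if (maj === 0 && min === 0) return version === base; // ^0.0.z is an exact pin
  const sameLine = maj === 0 ? vMaj === 0 && vMin === min : vMaj === maj;
  return sameLine && cmpVersions(version, base) >= 0;
}

// Findings for every tracked package in the tree, with the remedy implied by
// the range its dependent declares.
function audit(text) {
  return parseYarnWhy(text).flatMap((n) => {
    const minimum = minimumFor(n.name, n.version);
    if (!minimum) return [];
    const belowMinimum = cmpVersions(n.version, minimum) < 0;
    let remedy = 'ok';
    if (belowMinimum) {
      const allowed = rangeAllows(n.range, minimum);
      if (allowed === true) remedy = 'bump lockfile resolution';
      else if (allowed === false) remedy = 'upgrade parent (declared range excludes fix)';
      else remedy = 'upgrade directly (declared range unknown)';
    }
    return [{ ...n, minimum, belowMinimum, remedy }];
  });
}

for (const f of audit(BEFORE_TREE)) {
  console.log(`${f.parent || '(root)'} -> ${f.name}@${f.version} min ${f.minimum}: ${f.remedy}`);
}
```

Run against the BEFORE tree, the exact pin `path-to-regexp@npm:0.1.7 (via npm:0.1.7)` is the only entry whose fix cannot be reached by re-resolving, which matches why the PR moves express itself to 4.21.0 (which pins 0.1.10) while the `^6.2.0` and `^1.7.0` ranges from msw and react-router simply re-resolve to 6.3.0 and 1.9.0. Feed the script real output with `yarn why <pkg>` piped into a file and swap it in for the constructed sample.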

@codecov-qa

codecov-qa bot commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.76%. Comparing base (280795b) to head (f1d9c94).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3338   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         804      804           
  Lines       14043    14043           
  Branches     3999     3999           
=======================================
  Hits        13869    13869           
  Misses        163      163           
  Partials       11       11           
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 98.49% <ø> (ø)
Pages 98.64% <ø> (ø)
Services 99.41% <ø> (ø)
Shared 99.05% <ø> (ø)
UI 98.05% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 280795b...f1d9c94. Read the comment docs.


codecov bot commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.76%. Comparing base (280795b) to head (f1d9c94).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3338   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         804      804           
  Lines       14043    14043           
  Branches     3999     3976   -23     
=======================================
  Hits        13869    13869           
  Misses        163      163           
  Partials       11       11           
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 98.49% <ø> (ø)
Pages 98.64% <ø> (ø)
Services 99.41% <ø> (ø)
Shared 99.05% <ø> (ø)
UI 98.05% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 280795b...f1d9c94. Read the comment docs.


codecov-public-qa bot commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.76%. Comparing base (280795b) to head (f1d9c94).

✅ All tests successful. No failed tests found.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3338   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         804      804           
  Lines       14043    14043           
  Branches     3999     3925   -74     
=======================================
  Hits        13869    13869           
  Misses        163      163           
  Partials       11       11           
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 98.49% <ø> (ø)
Pages 98.64% <ø> (ø)
Services 99.41% <ø> (ø)
Shared 99.05% <ø> (ø)
UI 98.05% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 280795b...f1d9c94. Read the comment docs.

@codecov-notifications

codecov-notifications bot commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3338   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         804      804           
  Lines       14043    14043           
  Branches     3999     3925   -74     
=======================================
  Hits        13869    13869           
  Misses        163      163           
  Partials       11       11           
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 98.49% <ø> (ø)
Pages 98.64% <ø> (ø)
Services 99.41% <ø> (ø)
Shared 99.05% <ø> (ø)
UI 98.05% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 280795b...f1d9c94. Read the comment docs.


codecov bot commented Sep 30, 2024

Bundle Report

Changes will increase total bundle size by 140 bytes (0.0%) ⬆️. This is within the configured threshold ✅

Detailed changes
Bundle name Size Change
gazebo-production-array-push 6.07MB 140 bytes (0.0%) ⬆️

@codecov-staging

Bundle Report

Changes will increase total bundle size by 140 bytes (0.0%) ⬆️. This is within the configured threshold ✅

Detailed changes
Bundle name Size Change
gazebo-staging-array-push 6.07MB 140 bytes (0.0%) ⬆️

@codecov-releaser
Contributor

codecov-releaser commented Sep 30, 2024

✅ Deploy preview for gazebo ready!

Previews expire after 1 month automatically.

Storybook

Commit Created Cloud Enterprise
b693c48 Mon, 30 Sep 2024 17:15:59 GMT Expired Expired
9675730 Mon, 30 Sep 2024 19:14:19 GMT Expired Expired
f1d9c94 Mon, 30 Sep 2024 20:09:16 GMT Cloud Enterprise

Contributor

@ajay-sentry ajay-sentry left a comment

looks good! ✅

@suejung-sentry suejung-sentry added this pull request to the merge queue Sep 30, 2024
Merged via the queue into main with commit d3c5b23 Sep 30, 2024
64 checks passed
@suejung-sentry suejung-sentry deleted the sshin/chore/vuln-express branch September 30, 2024 20:57