Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude bootstrap-sass from yarn audit #9333

Merged
merged 1 commit into from
Feb 3, 2025
Merged

Exclude bootstrap-sass from yarn audit #9333

merged 1 commit into from
Feb 3, 2025

Conversation

Fryguy
Copy link
Member

@Fryguy Fryguy commented Feb 3, 2025
edited
Loading

This package is being brought in by patternfly, and we are already at the latest version. We need to upgrade patternfly or replace it completely to be off of this package.

This is related to CVE-2024-6484, however I'm not sure why this changed all of a sudden.

@jrafanie Please review. cc @GilbertCherrie

@Fryguy
Exclude bootstrap-sass from yarn audit
eed2fba 
This package is being brought in by patternfly, and we are already at
the latest version. We need to upgrade patternfly or replace it
completely to be off of this package.
@Fryguy Fryguy requested a review from a team as a code owner February 3, 2025 21:08
@Fryguy Fryguy closed this Feb 3, 2025
@Fryguy Fryguy reopened this Feb 3, 2025
@Fryguy Fryguy mentioned this pull request Feb 3, 2025
Merged
@Fryguy
Copy link
Member Author

Fryguy commented Feb 3, 2025

@jrafanie It's hitting a weird issue where locally I found the issue in Gemfile.lock, but in GitHub Actions it finds the issue in Gemfile. This seems to be a different with using a symlink vs cloning the whole repo, but I can't narrow it down.

For now, let's get core green by merging this PR and I'll keep investigating why the files are different here.

jrafanie
jrafanie approved these changes Feb 3, 2025
View reviewed changes
Copy link
Member

@jrafanie jrafanie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

merging so we can see if core now passes

@jrafanie jrafanie merged commit 7e3e47e into ManageIQ:master Feb 3, 2025
7 of 29 checks passed
@Fryguy Fryguy deleted the fix_yarn_audit_issue branch February 3, 2025 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrafanie jrafanie jrafanie approved these changes

Assignees

@jrafanie jrafanie

Labels
security test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Fryguy @jrafanie