Fix: dompurify package vulnerability #19847

Merged: 2 commits, Feb 18, 2025

aniketkatkar97 (Member)

I worked on adding a "dompurify" resolution in the package.json since an older version was being used in the "toast-ui/react-editor" dependency.

Ref: https://github.com/open-metadata/OpenMetadata/security/dependabot/196

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.
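
A check a reviewer could run after a change like this one, as an added example that is not part of the PR or the project's code: it walks a dependency tree in the shape of `npm ls --all --json` output and reports every copy of a package that is below a required floor. The tree, the `9.9.9` floor and the `1.0.0` versions are constructed placeholders, and `auditPin`, `findCopies` and `compareVersions` are hypothetical helper names.

```javascript
// Added example. Tree shape follows `npm ls --all --json`; the trees and every
// version number below are constructed placeholders, not the project's values.

// Compare plain x.y.z versions (pre-release/build suffixes are ignored).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split('.').map(Number);
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Collect every installed copy of `target`, with the chain that pulled it in.
function findCopies(node, target, chain = [], found = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...chain, name];
    if (name === target) found.push({ version: dep.version, via: path.join(' > ') });
    findCopies(dep, target, path, found);
  }
  return found;
}

// A pin is effective only if no copy anywhere in the tree is below the floor.
function auditPin(tree, target, minVersion) {
  const copies = findCopies(tree, target);
  const stale = copies.filter((c) => compareVersions(c.version, minVersion) < 0);
  return { copies, stale, ok: copies.length > 0 && stale.length === 0 };
}

// Constructed tree: the editor dependency carries its own nested copy.
const sampleTree = (nestedVersion) => ({
  dependencies: {
    dompurify: { version: '9.9.9' },
    '@toast-ui/react-editor': {
      version: '1.0.0',
      dependencies: { dompurify: { version: nestedVersion } },
    },
  },
});
const beforePin = sampleTree('1.0.0'); // nested copy below the floor
const afterPin = sampleTree('9.9.9'); // resolution forces one version everywhere

console.log(auditPin(beforePin, 'dompurify', '9.9.9').stale);
console.log(auditPin(afterPin, 'dompurify', '9.9.9').ok);
```

The `via` field names the dependency chain responsible for each stale copy, which is the information needed to decide between upgrading the parent package and forcing a resolution.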

…n was being used in "toast-ui/react-editor" dependency
aniketkatkar97 added the labels UI (UI specific issues) and To release (Will cherry-pick this PR into the release branch) on Feb 18, 2025
aniketkatkar97 self-assigned this on Feb 18, 2025
aniketkatkar97 requested a review from a team as a code owner on February 18, 2025 05:07
github-actions bot added the label safe to test (Add this label to run secure Github workflows on PRs) on Feb 18, 2025
Contributor

Jest test Coverage

UI tests summary

| Lines | Statements | Branches | Functions |
| --- | --- | --- | --- |
| Coverage: 64% | 64.65% (41383/64009) | 41.04% (16732/40766) | 44.24% (5042/11398) |

aniketkatkar97 merged commit d1988f4 into main on Feb 18, 2025
16 of 18 checks passed
aniketkatkar97 deleted the fix-dompurify-dependabot branch on February 18, 2025 12:58
Contributor

Changes have been cherry-picked to the 1.6.4 branch.

github-actions bot pushed a commit that referenced this pull request Feb 18, 2025
…n was being used in "toast-ui/react-editor" dependency (#19847)

(cherry picked from commit d1988f4)