Migrate NuGetInstallerV0 to Node10 #16495

Merged


mpodriezov
Contributor

Task name: NuGetInstallerV0

Description: Migrated task to Node10

Documentation changes required: N

Added unit tests: N

Attached related issue: N

Checklist:

  • Task version was bumped - please check instruction how to do it
  • Checked that applied changes work as expected

The original PR was from AndreyIvanov42's fork here.

@mpodriezov
Contributor Author

@phil-hodgson Would you be able to test this task?

@mpodriezov
Contributor Author

There are some CG / npm audit issues. All seem to be some dependency defined in package.json like:

"packaging-common": "file:../../_build/Tasks/Common/packaging-common-1.0.1.tgz",
"utility-common": "file:../../_build/Tasks/Common/utility-common-1.0.2.tgz",

The npm audit list:

High Improper Privilege Management in shelljs
Dependency of 9558329fb9ca0d626ce645e9d04bf44e141e801210bd77a588847c7de22…

High Arbitrary Code Execution in underscore
Dependency of 9558329fb9ca0d626ce645e9d04bf44e141e801210bd77a588847c7de22…

Moderate Denial of Service in js-yaml
Dependency of c327b95400048f856ea478901dc0fb9481d79f218a4368a7eb4c273cc66…

High Code Injection in js-yaml
Dependency of c327b95400048f856ea478901dc0fb9481d79f218a4368a7eb4c273cc66…

...
found 8 vulnerabilities (3 moderate, 5 high) in 49 scanned packages

@mpodriezov
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 4 pipeline(s).

Contributor

@tintse-thxsky-MSFT tintse-thxsky-MSFT left a comment


approved and merged.

3 participants