Resolve GHSA-gcx4-mw62-g8wm (backport #7189) [release/4.9.x] #7191

Merged
merged 1 commit into from
Sep 24, 2024

mergify[bot]
@mergify mergify bot commented Sep 24, 2024

```
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ DOM Clobbering Gadget found in rollup bundled scripts  │
│                     │ that leads to XSS                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ rollup                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.22.4                                        │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.22.4                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ../../test-apps/display-performance-test-app >         │
│                     │ vite@5.4.6 > rollup@4.20.0                             │
│                     │                                                        │
│                     │ ../../test-apps/display-performance-test-app >         │
│                     │ vite-plugin-inspect@0.8.4 > vite@5.4.6 > rollup@4.20.0 │
│                     │                                                        │
│                     │ ../../test-apps/display-test-app > vite@5.4.6 >        │
│                     │ rollup@4.20.0                                          │
│                     │                                                        │
│                     │ ... Found 4 paths, run `pnpm why rollup` for more      │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-gcx4-mw62-g8wm        │
└─────────────────────┴────────────────────────────────────────────────────────┘
```

This is an automatic backport of pull request #7189 done by [Mergify](https://mergify.com).

(cherry picked from commit 2b0b040)

# Conflicts:
#	common/config/rush/pnpm-lock.yaml
@mergify mergify bot added the conflicts label Sep 24, 2024
mergify bot commented Sep 24, 2024

Cherry-pick of 2b0b040 has failed:

```
On branch mergify/bp/release/4.9.x/pr-7189
Your branch is up to date with 'origin/release/4.9.x'.

You are currently cherry-picking commit 2b0b0406a9.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   common/config/rush/pnpm-lock.yaml

no changes added to commit (use "git add" and/or "git commit -a")
```

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot mentioned this pull request Sep 24, 2024
@mergify mergify bot requested a review from a team September 24, 2024 13:35
@hl662 hl662 merged commit 7597757 into release/4.9.x Sep 24, 2024
9 checks passed
@hl662 hl662 deleted the mergify/bp/release/4.9.x/pr-7189 branch September 24, 2024 13:58
@hl662 hl662 restored the mergify/bp/release/4.9.x/pr-7189 branch September 24, 2024 14:40