Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(multi-parser)!: force json-path-plus to be ^10.0.7 due to security fixed bug #1086

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat(multi-parser)!: force json-path-plus to be ^10.0.7 due to security fixed bug #1086

wants to merge 3 commits into from
+19 −0

Conversation

smoya
Copy link
Member

@smoya smoya commented Feb 12, 2025

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 12, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 79f9930

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@asyncapi/multi-parser Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@smoya smoya changed the title feat!(multi-parser): force json-path-plus to be ^10.0.7 due to security bugfix feat(multi-parser)!: force json-path-plus to be ^10.0.7 due to security bugfix Feb 12, 2025
@smoya smoya changed the title feat(multi-parser)!: force json-path-plus to be ^10.0.7 due to security bugfix feat(multi-parser)!: force json-path-plus to be ^10.0.7 due to security fixed bug Feb 12, 2025
@smoya smoya force-pushed the fix/update-json-path-plus branch from 40c2e4c to 9abdfec Compare February 12, 2025 19:14
@smoya smoya mentioned this pull request Feb 12, 2025
Open
2 tasks
jonaslagoni
jonaslagoni approved these changes Feb 13, 2025
View reviewed changes
Copy link
Member

@jonaslagoni jonaslagoni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test is kinda stuck?

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@derberg
Copy link
Member

derberg commented Feb 19, 2025

tests on ubunto hang forever, like now I rerun and over 55min running

> test
> turbo run build && turbo run test
Attention:
Turborepo now collects completely anonymous telemetry regarding usage.
This information is used to shape the Turborepo roadmap and prioritize features.
You can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:
https://turbo.build/repo/docs/telemetry
• Packages in scope: @asyncapi/multi-parser, @asyncapi/parser
• Running build in 2 packages
• Remote caching disabled
@asyncapi/parser:build
@asyncapi/multi-parser:build
 Tasks:    2 successful, 2 total
Cached:    0 cached, 2 total
  Time:    27.44[6](https://github.com/asyncapi/parser-js/actions/runs/13396915805/job/37462920498?pr=1086#step:10:7)s 
• Packages in scope: @asyncapi/multi-parser, @asyncapi/parser
• Running test in 2 packages
• Remote caching disabled
@asyncapi/parser:build
@asyncapi/multi-parser:test

multi-parser test ran well, just @asyncapi/parser:test did not kick off at all - dunno why

@derberg
Copy link
Member

derberg commented Feb 19, 2025

maybe because of overrides the package-lock file should also be updated?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonaslagoni jonaslagoni jonaslagoni approved these changes

@magicmatatjahu magicmatatjahu Awaiting requested review from magicmatatjahu magicmatatjahu is a code owner

@asyncapi-bot-eve asyncapi-bot-eve Awaiting requested review from asyncapi-bot-eve asyncapi-bot-eve is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] @asyncapi/multi-parser still depending on vulnerable version of jsonpath-plus
3 participants
@smoya @derberg @jonaslagoni