Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update cli-table dependency to fix broken colors.js #19622

Merged
merged 3 commits into from
Jan 10, 2022
Merged

fix: update cli-table dependency to fix broken colors.js #19622

merged 3 commits into from
Jan 10, 2022

Conversation

JJ
Copy link
Contributor

@JJ JJ commented Jan 9, 2022
edited by jennifer-shehane
Loading

Close #19624

By pinning a dependency to 1.4.0 see https://github.com/cli-table/cli-table3/pull/251/files Marak/colors.js#285

User facing changelog

Upgrade cli-table3 to avoid problems with colors.js "bad" version

Additional details

A non-working version of colors.js was uploaded and published by their owner. First-level dependencies are working through it.

How has the user experience changed?

No change.

@JJ JJ requested a review from a team as a code owner January 9, 2022 13:35
@JJ JJ requested review from jennifer-shehane and removed request for a team January 9, 2022 13:35
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jan 9, 2022

Thanks for taking the time to open a PR!

@CLAassistant
Copy link

CLAassistant commented Jan 9, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@JJ JJ changed the title ⬆️ to fix broken colors.js fix: ⬆️ to fix broken colors.js Jan 9, 2022
@DanielRuf
Copy link

See also Marak/colors.js#285 (comment)

@jennifer-shehane
Copy link
Member

@JJ Thank you for opening this PR for the fix. We can merge this in and will discuss whether to do a patch release tomorrow at the earliest with our team.

@benjdlambert benjdlambert mentioned this pull request Jan 10, 2022
Closed
emilyrohrbough
emilyrohrbough previously approved these changes Jan 10, 2022
View reviewed changes
@jennifer-shehane jennifer-shehane mentioned this pull request Jan 10, 2022
Closed
@emilyrohrbough emilyrohrbough changed the title fix: ⬆️ to fix broken colors.js security: update cli-table dependency to fix broken colors.js Jan 10, 2022
@emilyrohrbough emilyrohrbough changed the title security: update cli-table dependency to fix broken colors.js fix: update cli-table dependency to fix broken colors.js Jan 10, 2022
@ryanthemanuel ryanthemanuel merged commit 4818a21 into cypress-io:develop Jan 10, 2022
@nalandial nalandial mentioned this pull request Jan 10, 2022
Closed
mschile added a commit that referenced this pull request Jan 18, 2022
@mschile
Squashed commit of the following:
199c983 
commit d8fa85d
Author: Chris Breiding <[email protected]>
Date:   Fri Jan 14 09:48:43 2022 -0500

    chore: Fix a couple multi-domain bugs (#19698)

commit 2e5fbad
Author: Chris Breiding <[email protected]>
Date:   Thu Jan 13 11:44:35 2022 -0500

    fix types issue

commit cc08d12
Author: Chris Breiding <[email protected]>
Date:   Thu Jan 13 09:56:31 2022 -0500

    fix issues after merge

commit 8e0770f
Merge: 2ee9893 d87711e
Author: Chris Breiding <[email protected]>
Date:   Thu Jan 13 09:31:25 2022 -0500

    Merge branch 'develop' into feature-multidomain

commit d87711e
Merge: 576519e f22e3ca
Author: Brian Barrow <[email protected]>
Date:   Wed Jan 12 16:41:35 2022 +0000

    Merge branch 'master' into develop

commit f22e3ca
Author: Brian Barrow <[email protected]>
Date:   Wed Jan 12 09:40:48 2022 -0700

    Fixed Vue README links in Global Components section (#19550)

commit 576519e
Author: Pascal Gafner <[email protected]>
Date:   Wed Jan 12 15:52:26 2022 +0100

    fix: use util.getEnv to handle environment variables set with npm (#19560)

    Co-authored-by: Matt Henkes <[email protected]>
    Co-authored-by: Emily Rohrbough <[email protected]>

commit 0382768
Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Date:   Tue Jan 11 21:35:43 2022 +0000

    chore(deps): update dependency electron to v15.3.4 🌟 (#19657)

    Co-authored-by: Renovate Bot <[email protected]>

commit 1305cca
Author: Lachlan Miller <[email protected]>
Date:   Wed Jan 12 07:10:14 2022 +1000

    fix: rename specs to correctly match convention (#19641)

    * fix: rename specs to correctly match convention

    * Remove underscore from TESTFILES glob pattern

    Co-authored-by: Zach Bloomquist <[email protected]>

commit c45a240
Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Date:   Tue Jan 11 12:59:14 2022 -0800

    fix(deps): update dependency node-forge to v1 [security] (#19635)

    Co-authored-by: Renovate Bot <[email protected]>

commit ea531b7
Author: Kukhyeon Heo <[email protected]>
Date:   Wed Jan 12 00:37:05 2022 +0900

    chore: remove pkg/driver //@ts-nocheck part 2 (#19483)

    * listeners.ts

    * chainer.ts

    * command.ts

    * actionability.ts

    * inspect.ts

    * agents.ts

    * aliasing.ts

    * angular.ts

    * asserting.ts

    * clock.ts files

    * commands.ts

    * debugging.ts

    * fix comment.

    * roll back change.

    * Fix.

    * fix

    * Casted to cast.

    * Feedback changes.

    * fix any.

commit 513074e
Author: Josh Wooding <[email protected]>
Date:   Tue Jan 11 15:34:01 2022 +0000

    fix: overflow clip to prevent selector header from disapearing (#18649) (#19646)

    Co-authored-by: Tim Griesser <[email protected]>

commit b8ccf12
Merge: 2071575 d227420
Author: Ryan Manuel <[email protected]>
Date:   Mon Jan 10 15:38:23 2022 -0600

    Merge branch 'develop'

commit d227420
Author: Ryan Manuel <[email protected]>
Date:   Mon Jan 10 15:34:34 2022 -0600

    release 9.2.1 [skip ci]

commit 5d1dce6
Author: Ryan Manuel <[email protected]>
Date:   Mon Jan 10 13:01:12 2022 -0600

    Merge master to dev

commit 4818a21
Author: Juan Julián Merelo Guervós <[email protected]>
Date:   Mon Jan 10 19:52:32 2022 +0100

    fix: update cli-table dependency to fix broken colors.js (#19622)

    Co-authored-by: Emily Rohrbough <[email protected]>
    Co-authored-by: Ryan Manuel <[email protected]>

commit 2071575
Author: semantic-release-bot <[email protected]>
Date:   Mon Jan 10 11:23:17 2022 -0500

    chore: release @cypress/react-v5.12.1

    [skip ci]

commit 3f85a04
Merge: 642ec41 6304fd7
Author: Zachary Williams <[email protected]>
Date:   Mon Jan 10 16:02:22 2022 +0000

    Merge branch 'master' into develop

commit 6304fd7
Author: Zachary Williams <[email protected]>
Date:   Mon Jan 10 10:01:27 2022 -0600

    fix: check resolvedNodePath for Next.js 12 guard (#19604)

commit 10e3e0a
Author: semantic-release-bot <[email protected]>
Date:   Tue Dec 21 14:35:12 2021 -0500

    chore: release @cypress/react-v5.12.0

    [skip ci]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbiethman tbiethman tbiethman approved these changes

@mjhenkes mjhenkes mjhenkes approved these changes

@emilyrohrbough emilyrohrbough emilyrohrbough left review comments

@jennifer-shehane jennifer-shehane jennifer-shehane left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The project relies on colors.js with malicious code
8 participants
@JJ @CLAassistant @DanielRuf @jennifer-shehane @mjhenkes @tbiethman @emilyrohrbough @ryanthemanuel