chore: Resolve yarn audit failure #6681

Merged: Gudahtt merged 1 commit into main from resolve-yarn-audit on Jun 22, 2023

Conversation

@Gudahtt Gudahtt (Member) commented Jun 22, 2023

Development & PR Process

  1. Follow MetaMask Mobile Coding Standards
  2. Add release-xx label to identify the PR slated for an upcoming release (will be used in release discussion)
  3. Add needs-dev-review label when work is completed
  4. Add needs-qa label when dev review is completed
  5. Add QA Passed label when QA has signed off

Description

The Yarn audit failure has been addressed by ignoring the flagged security advisory. It is a ReDoS advisory, which doesn't present a risk for us (it's not used for a server, so there is no way for an attacker to impact our availability).

The audit file has been slightly reorganized to remove an obsolete comment, and to place the explanations above each entry rather than below.

Issue

None

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented
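
A check that enforces the layout the description above settles on (an explanation above each ignored advisory), as an added example that is not part of the pull request or the project's code. The file format (one advisory ID per line, `#` comment lines, blank lines between entries), the name `lintAuditIgnore` and the sample IDs are assumptions; the page does not show the audit file.

```javascript
// Added example. Assumed file format: one advisory ID per line, '#' comment
// lines, blank lines between entries. The page does not show the real file.
const ADVISORY_ID = /^(GHSA(-[0-9a-z]{4}){3}|CVE-\d{4}-\d{4,}|\d+)$/;

function lintAuditIgnore(text) {
  const problems = [];
  const seen = new Set();
  let commentLine = 0; // line number of a pending explanation, 0 if none
  const flushComment = () => {
    // A comment block that ends without an entry explains nothing.
    if (commentLine) {
      problems.push({ line: commentLine, issue: 'explanation with no entry below it' });
    }
    commentLine = 0;
  };
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '') return flushComment();
    if (line.startsWith('#')) {
      // Bare '#' lines do not count as an explanation.
      if (!commentLine && line.replace(/^#+/, '').trim() !== '') commentLine = i + 1;
      return;
    }
    if (!ADVISORY_ID.test(line)) {
      problems.push({ line: i + 1, id: line, issue: 'not an advisory ID' });
    } else if (seen.has(line)) {
      problems.push({ line: i + 1, id: line, issue: 'duplicate entry' });
    } else if (!commentLine) {
      problems.push({ line: i + 1, id: line, issue: 'no explanation above entry' });
    }
    seen.add(line);
    commentLine = 0; // the explanation is consumed by this entry
  });
  flushComment();
  return problems;
}

// Constructed sample: placeholder IDs, second entry uses the old "below" layout.
const SAMPLE = [
  '# ReDoS advisory: package is not used for a server, no availability impact',
  'GHSA-aaaa-bbbb-cccc',
  '',
  'GHSA-dddd-eeee-ffff',
  '# explanation placed below the entry',
].join('\n');

console.log(lintAuditIgnore(SAMPLE));
```

Run in CI next to the audit step, a non-empty result can fail the build so that an ignored advisory never lands without its written justification.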

@Gudahtt Gudahtt changed the title from "Resolve yarn audit failure" to "chore: Resolve yarn audit failure" Jun 22, 2023
@Gudahtt Gudahtt marked this pull request as ready for review June 22, 2023 20:43
@Gudahtt Gudahtt requested a review from a team as a code owner June 22, 2023 20:43

@wachunei wachunei (Member) left a comment

LGTM

@Gudahtt Gudahtt added the "No QA Needed" label (Apply this label when your PR does not need any QA effort.) Jun 22, 2023
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • Bug: A, 0 Bugs
  • Vulnerability: A, 0 Vulnerabilities
  • Security Hotspot: A, 0 Security Hotspots
  • Code Smell: A, 0 Code Smells

No Coverage information
No Duplication information

@Gudahtt Gudahtt merged commit 5f1c079 into main Jun 22, 2023
@Gudahtt Gudahtt deleted the resolve-yarn-audit branch June 22, 2023 21:06
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 22, 2023
@metamaskbot metamaskbot added the "release-7.3.0" label (Issue or pull request that will be included in release 7.3.0) Jun 22, 2023
Labels

  • No QA Needed: Apply this label when your PR does not need any QA effort.
  • release-7.3.0: Issue or pull request that will be included in release 7.3.0
