Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: patch spectral cli to remove vm2 #750

Merged
merged 9 commits into from
Sep 12, 2023

Conversation

mattias-persson
Copy link
Contributor

Description

  • This pull request aims to patch the vulnerability found in vm2 which is indirectly included through spectral-cli
  • In the upgraded version of spectral-cli, they have also changed the location of the formatters imported in src/parser.ts

Related issue(s)
See also #727 and stoplightio/spectral#2510.

Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

@mattias-persson mattias-persson changed the title Patch spectral cli to remove vm2 chore(deps): patch spectral cli to remove vm2 Aug 9, 2023
@Souvikns
Copy link
Member

@mattias-persson for some reason all the tests are failing.

@mattias-persson
Copy link
Contributor Author

mattias-persson commented Aug 21, 2023

@mattias-persson for some reason all the tests are failing.

Yes, I would need your input on why if you get a chance @Souvikns... 😅

@Souvikns
Copy link
Member

Something is wrong with the @stoplight/spectral-cli:v6.9.0 the old version we were using works I tried to update the version to 6.10.1 as well still getting the same error.

@magicmatatjahu need your help here.

src/parser.ts Outdated Show resolved Hide resolved
@derberg derberg changed the title chore(deps): patch spectral cli to remove vm2 fix: patch spectral cli to remove vm2 Sep 12, 2023
@derberg
Copy link
Member

derberg commented Sep 12, 2023

@mattias-persson hey, you need to solve some conflicts. Once you do it, please ping me through a comment. I do not get notifications from GH that some new commits were in the PR, so I don't know it is a time for followup review. Thanks 🙏🏼

btw, I changed to fix: so we include the change in release, as patch

src/parser.ts Outdated Show resolved Hide resolved
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@mattias-persson
Copy link
Contributor Author

Alright @derberg, should be resolved now. Let me know if you see anything funky!

Copy link
Member

@derberg derberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

@derberg
Copy link
Member

derberg commented Sep 12, 2023

/rtm

@asyncapi-bot asyncapi-bot merged commit 8a21960 into asyncapi:master Sep 12, 2023
4 checks passed
@mattias-persson mattias-persson deleted the patch-spectral-cli branch September 13, 2023 05:40
@asyncapi-bot
Copy link
Contributor

🎉 This PR is included in version 0.56.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants