Address Dependabot Security Alert No. 10: Patch undici #7882

Closed
9 tasks
t-will-gillis opened this issue Feb 4, 2025 · 5 comments

Labels
  • Complexity: Small (Take this type of issues after the successful merge of your second good first issue)
  • Feature: Code Alerts
  • role: back end/devOps (Tasks for back-end developers)
  • size: 1pt (Can be done in 4-6 hours)
  • Status: Urgent (Needs to be worked on immediately)

Comments

@t-will-gillis
Member

t-will-gillis commented Feb 4, 2025

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the new alert Dependabot 10 and investigate how to resolve the alert.

Action Items

  • The following action item serves to "link" this issue as the "tracking issue" for the CodeQL alert and to provide more details regarding the alerts:
  • https://github.com/hackforla/website/security/dependabot/10
  • If the recommendation is to dismiss the alert:
    • Apply the label ready for dev lead
    • Move the issue to Questions/In Review
  • If the recommendation is to update code:
    • Create an issue branch and proceed with the code update
    • Test using docker to ensure that there are no changes to any affected webpage(s)
    • Proceed with pull request in the usual manner

Resources/Instructions

@t-will-gillis t-will-gillis added Feature: Code Alerts role: back end/devOps Tasks for back-end developers size: 1pt Can be done in 4-6 hours Status: Urgent Needs to be worked on immediately labels Feb 4, 2025
@github-project-automation github-project-automation bot moved this to New Issue Approval in P: HfLA Website: Project Board Feb 4, 2025

@t-will-gillis t-will-gillis self-assigned this Feb 4, 2025
@t-will-gillis t-will-gillis added Complexity: Small Take this type of issues after the successful merge of your second good first issue and removed Complexity: Missing labels Feb 4, 2025
@t-will-gillis t-will-gillis moved this from New Issue Approval to In progress (actively working) in P: HfLA Website: Project Board Feb 4, 2025
@t-will-gillis
Member Author

eta: eod 2/9

@HackforLABot HackforLABot added the To Update ! No update has been provided label Feb 14, 2025
@t-will-gillis t-will-gillis removed the To Update ! No update has been provided label Feb 17, 2025
@t-will-gillis
Member Author

Closing this issue as a Duplicate because it was not needed: we were able to trigger then resolve a PR from the Dependabot alert itself.

@github-project-automation github-project-automation bot moved this from In progress (actively working) to QA in P: HfLA Website: Project Board Feb 17, 2025
Development

No branches or pull requests

2 participants