Skip to content

Migrate NuGetInstallerV0 to Node10 #16495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 25, 2022
Merged

Migrate NuGetInstallerV0 to Node10 #16495

merged 7 commits into from
Jul 25, 2022

Conversation

@mpodriezov
Copy link
Contributor

@mpodriezov mpodriezov commented Jun 27, 2022

Task name: NuGetInstallerV0

Description: Migrated task to Node10

Documentation changes required: N

Added unit tests: N

Attached related issue: N

Checklist:

  • Task version was bumped - please check instruction how to do it
  • Checked that applied changes work as expected

The original PR was from AndreyIvanov42's fork here.

@mpodriezov mpodriezov requested a review from mmrazik June 27, 2022 13:11
@mpodriezov
Copy link
Contributor Author

mpodriezov commented Jun 27, 2022

@phil-hodgson Would you be able to test this task?

@mpodriezov mpodriezov mentioned this pull request Jun 27, 2022
Closed
2 tasks
@mpodriezov
Copy link
Contributor Author

mpodriezov commented Jun 27, 2022

There are some CG / npm audit issues. All seems to be some dependency defined in package.json like:

"packaging-common": "file:../../_build/Tasks/Common/packaging-common-1.0.1.tgz",
"utility-common": "file:../../_build/Tasks/Common/utility-common-1.0.2.tgz",

The npm audit list:

High Improper Privilege Management in shelljs
Dependency of 9558329fb9ca0d626ce645e9d04bf44e141e801210bd77a588847c7de22…

High Arbitrary Code Execution in underscore
Dependency of 9558329fb9ca0d626ce645e9d04bf44e141e801210bd77a588847c7de22…

Moderate Denial of Service in js-yaml
Dependency of c327b95400048f856ea478901dc0fb9481d79f218a4368a7eb4c273cc66…

High Code Injection in js-yaml
Dependency of c327b95400048f856ea478901dc0fb9481d79f218a4368a7eb4c273cc66…

...
found 8 vulnerabilities (3 moderate, 5 high) in 49 scanned packages

@mpodriezov
Copy link
Contributor Author

mpodriezov commented Jul 25, 2022

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 25, 2022

Azure Pipelines successfully started running 4 pipeline(s).

tintse-thxsky-MSFT
tintse-thxsky-MSFT approved these changes Jul 25, 2022
View reviewed changes
Copy link
Contributor

@tintse-thxsky-MSFT tintse-thxsky-MSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved and merged.

@tintse-thxsky-MSFT tintse-thxsky-MSFT merged commit 35ac313 into master Jul 25, 2022
@localconst localconst mentioned this pull request Aug 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmrazik mmrazik Awaiting requested review from mmrazik

@phil-hodgson phil-hodgson Awaiting requested review from phil-hodgson

@aasim aasim Awaiting requested review from aasim

@satbai satbai Awaiting requested review from satbai

1 more reviewer

@tintse-thxsky-MSFT tintse-thxsky-MSFT tintse-thxsky-MSFT approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mpodriezov @tintse-thxsky-MSFT @AndreyIvanov42