The GitHub Actions job "Tests" on airflow.git/v3-1-test has failed. Run started by GitHub user vincbeck (triggered by vincbeck).
Head commit for run: b77ab9a1cd04bf00e953ff4a12ded59899c162f8 / Pierre Jeambrun <[email protected]> [V3-1-test] Fix minimatch ReDoS vulnerabilities via pnpm overrides (#62805) * Fix minimatch ReDoS vulnerabilities via pnpm overrides Update pnpm overrides to patch minimatch ReDoS vulnerabilities (CVE for matchOne() combinatorial backtracking and nested extglobs) across three UI manifests: - airflow-core/src/airflow/ui: add overrides for <3.1.4, >=9.0.0 <9.0.7, >=10.0.0 <10.2.3 - simple-auth-manager-ui: add overrides for <3.1.4, >=9.0.0 <9.0.7, >=10.0.0 <10.2.3 - react-plugin-template: add overrides for <3.1.4, >=9.0.0 <9.0.7, >=10.0.0 <10.2.3 * Constrain minimatch overrides to major version ranges The minimatch overrides used open-ended ranges (e.g. >=3.1.4) which allowed pnpm to resolve 3.x consumers to 10.x, breaking the API (minimatch 10.x uses named exports, 3.x uses a default function). Constrain to >=3.1.4 <4.0.0 and >=9.0.7 <10.0.0 respectively. Report URL: https://github.com/apache/airflow/actions/runs/22637548030 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
