Re: [PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
pierrejeambrun merged PR #62796:
URL: https://github.com/apache/airflow/pull/62796
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Re: [PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
pierrejeambrun commented on PR #62796:
URL: https://github.com/apache/airflow/pull/62796#issuecomment-3993100323
It's already backported. I'll solve conflicts tomorrow
Re: [PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
potiuk commented on PR #62796:
URL: https://github.com/apache/airflow/pull/62796#issuecomment-3993029370
Conflicts?
Re: [PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
pierrejeambrun commented on PR #62796:
URL: https://github.com/apache/airflow/pull/62796#issuecomment-3992392146
Backport PR https://github.com/apache/airflow/pull/62805
[PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
pierrejeambrun opened a new pull request, #62805:
URL: https://github.com/apache/airflow/pull/62805
Update pnpm overrides to patch minimatch ReDoS vulnerabilities (CVE for
matchOne() combinatorial backtracking and nested extglobs) across three UI
manifests:
- airflow-core/src/airflow/ui: add overrides for <3.1.4, >=9.0.0 <9.0.7,
>=10.0.0 <10.2.3
- simple-auth-manager-ui: add overrides for <3.1.4, >=9.0.0 <9.0.7, >=10.0.0
<10.2.3
- react-plugin-template: add overrides for <3.1.4, >=9.0.0 <9.0.7, >=10.0.0
<10.2.3
---
# Was generative AI tooling used to co-author this PR?
- [ ] Yes (please specify the tool below)
---
* Read the **[Pull Request
Guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-guidelines)**
for more information. Note: commit author/co-author name and email in commits
become permanently public when merged.
* For fundamental code changes, an Airflow Improvement Proposal
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals))
is needed.
* When adding dependency, check compliance with the [ASF 3rd Party License
Policy](https://www.apache.org/legal/resolved.html#category-x).
* For significant user-facing changes create newsfragment:
`{pr_number}.significant.rst` or `{issue_number}.significant.rst`, in
[airflow-core/newsfragments](https://github.com/apache/airflow/tree/main/airflow-core/newsfragments).
Re: [PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
vincbeck commented on PR #62796:
URL: https://github.com/apache/airflow/pull/62796#issuecomment-3992080167
Closing https://github.com/apache/airflow/pull/62743 then
[PR] Fix minimatch ReDoS vulnerabilities via pnpm overrides [airflow]
pierrejeambrun opened a new pull request, #62796:
URL: https://github.com/apache/airflow/pull/62796
Update pnpm overrides to patch minimatch ReDoS vulnerabilities (CVE for
matchOne() combinatorial backtracking and nested extglobs) across three UI
manifests:
- airflow-core/src/airflow/ui: add overrides for <3.1.4, >=9.0.0 <9.0.7,
>=10.0.0 <10.2.3
- simple-auth-manager-ui: bump override from <10.2.1 to <10.2.3
- react-plugin-template: bump override from <10.2.1 to <10.2.3
---
# Was generative AI tooling used to co-author this PR?
- [ ] Yes (please specify the tool below)
---
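Added example, not part of the pull request or the Airflow code base: a small check that reports which minimatch versions in a lockfile still fall inside the ranges listed in the PR description, which is what the overrides are meant to eliminate. The lockfile key format (`minimatch@<version>:`), the function names and the sample lockfile are assumptions constructed for illustration.

```javascript
// Ranges copied from the PR description; everything else here is illustrative.
const OVERRIDDEN_RANGES = ["<3.1.4", ">=9.0.0 <9.0.7", ">=10.0.0 <10.2.3"];

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// A range is a space-separated AND of comparators such as ">=9.0.0" or "<9.0.7".
function inRange(version, range) {
  const v = parseVersion(version);
  return range.split(" ").every((comparator) => {
    const [, op, bound] = /^(>=|<)(.+)$/.exec(comparator);
    const c = compareVersions(v, parseVersion(bound));
    return op === ">=" ? c >= 0 : c < 0;
  });
}

// First overridden range containing the version, or null if none does.
function matchedRange(version) {
  return OVERRIDDEN_RANGES.find((r) => inRange(version, r)) ?? null;
}

// Collect minimatch versions from lockfile text and flag those still in range.
// Assumes keys like "minimatch@<version>:" (optionally quoted or "/"-prefixed).
function auditLockfile(text) {
  const seen = new Set();
  const keyPattern = /^[ \t]*['"]?\/?minimatch@(\d+\.\d+\.\d+)/gm;
  for (const m of text.matchAll(keyPattern)) seen.add(m[1]);
  return [...seen]
    .map((version) => ({ version, range: matchedRange(version) }))
    .filter((finding) => finding.range !== null);
}

// Constructed sample, not taken from the Airflow repository.
const SAMPLE_LOCKFILE = `packages:
  minimatch@3.1.2:
  minimatch@9.0.7:
  minimatch@10.2.1:
  '@types/minimatch@5.1.2':
  minimatch@10.2.3:
`;
console.log(auditLockfile(SAMPLE_LOCKFILE));
```

In the sample, 10.2.1 is reported: it sits above the earlier `<10.2.1` override bound mentioned in the description and below the new `<10.2.3` bound.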
