[Manual backport 2.x][GHSA-x565-32qp-m3vf] Bump jimp to remove phin dependency (#6977) #6985

Merged
merged 1 commit into from
Jun 10, 2024


AMoo-Miki
Collaborator

cherry picked commit 54cd2d0 from #6977

jimp@0.22.0 removed all the code that used phin.

load-bmfont, a nested dependency of jimp, imports phin, but that is functionality we don't use, as we don't import AngelCode bitmap fonts. With an arbitrary bump of phin, this commit avoids including an offending version in the dev-deps.

Changelog

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

…ch-project#6977)

`jimp@0.22.0` removed all the code that used phin.

`load-bmfont`, a nested dependency of `jimp`, imports `phin`, but that is functionality we don't use, as we don't import AngelCode bitmap fonts. With an arbitrary bump of `phin`, this commit avoids including an offending version in the dev-deps.

Signed-off-by: Miki <miki@amazon.com>

(cherry picked from commit 54cd2d0)
Signed-off-by: Miki <miki@amazon.com>
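
To confirm that a bump like the one described above actually removed the offending nested version, a reviewer can walk the lockfile and list who pulls `phin` in and what it resolved to. The following is an added example, not code from this PR or the project: it assumes a yarn v1 `yarn.lock`, the function names are hypothetical, and every version number (including the `2.0.0` threshold) is a constructed placeholder rather than a value from the advisory.

```javascript
function parseYarnLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Entry header: comma-separated "name@range" specifiers, optionally quoted.
      const specs = line.replace(/:$/, '').split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      cur = { name: specs[0].slice(0, specs[0].lastIndexOf('@')), version: null, deps: new Map() };
      entries.push(cur);
      inDeps = false;
    } else if (cur && /^ {2}\S/.test(line)) {
      // Two-space fields: record the resolved version, track dependency sections.
      const v = line.match(/^ {2}version "(.+)"$/);
      if (v) cur.version = v[1];
      inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
    } else if (cur && inDeps) {
      // Four-space lines inside a dependencies section: name and requested range.
      const d = line.match(/^ {4}"?([^"\s]+)"? "?([^"]+)"?$/);
      if (d) cur.deps.set(d[1], d[2]);
    }
  }
  return entries;
}

// Numeric x.y.z comparison; pre-release tags are out of scope here.
function cmpVersion(a, b) {
  const [x, y] = [a, b].map(v => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Report which packages require `name`, what it resolved to, and which
// resolved versions are still below the first fixed version.
function auditDependency(lockText, name, minFixed) {
  const entries = parseYarnLock(lockText);
  const resolved = entries.filter(e => e.name === name).map(e => e.version);
  return {
    requiredBy: entries.filter(e => e.deps.has(name)).map(e => `${e.name}@${e.version}`),
    resolved,
    offending: resolved.filter(v => cmpVersion(v, minFixed) < 0),
  };
}

// Constructed lockfile fragments; all version numbers are placeholders.
const BEFORE = `load-bmfont@^5.0.0:
  version "5.0.0"
  dependencies:
    phin "^1.0.0"

phin@^1.0.0:
  version "1.0.0"
`;
const AFTER = BEFORE.replace('  version "1.0.0"', '  version "2.0.0"');
```

In `AFTER` the parent still requests the old range while the resolved version is higher, so `requiredBy` is unchanged and `offending` comes back empty.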
Contributor

ℹ️ Manual Changeset Creation Reminder

Please ensure manual commit for changeset file 6985.yml under folder changelogs/fragments to complete this PR.

If you want to use the available OpenSearch Changeset Bot App to avoid manual creation of changeset file you can install it in your forked repository following this link.

For more information about formatting of changeset files, please visit OpenSearch Auto Changeset and Release Notes Tool.


codecov bot commented Jun 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.52%. Comparing base (87d9ee0) to head (36d6758).
Report is 1 commits behind head on 2.x.

Additional details and impacted files
@@            Coverage Diff             @@
##              2.x    #6985      +/-   ##
==========================================
- Coverage   67.56%   67.52%   -0.04%     
==========================================
  Files        3441     3441              
  Lines       67805    67805              
  Branches    11017    11017              
==========================================
- Hits        45810    45786      -24     
- Misses      19333    19402      +69     
+ Partials     2662     2617      -45     
Flag        Coverage   Δ
Linux_1     33.09%     <ø> (ø)
Linux_2     ?
Linux_3     45.20%     <ø> (ø)
Linux_4     35.03%     <ø> (ø)
Windows_1   33.12%     <ø> (ø)
Windows_2   55.18%     <ø> (ø)
Windows_3   45.22%     <ø> (ø)
Windows_4   35.03%     <ø> (ø)

Flags with carried forward coverage won't be shown.

@AMoo-Miki AMoo-Miki changed the title [GHSA-x565-32qp-m3vf] Bump jimp to remove phin dependency (#6977) [Manual backport 2.x][GHSA-x565-32qp-m3vf] Bump jimp to remove phin dependency (#6977) Jun 10, 2024
Contributor

❌ Changeset File Not Added Yet

Please ensure manual commit for changeset file 6985.yml under folder changelogs/fragments to complete this PR. File still missing.

@BionIT BionIT merged commit 0d06e3f into opensearch-project:2.x Jun 10, 2024
65 of 68 checks passed
@zhyuanqi zhyuanqi added the cve Security vulnerabilities detected by Dependabot or Mend label Jun 11, 2024
Labels: cve (Security vulnerabilities detected by Dependabot or Mend), failed changeset, v2.15.0