chore(deps): bump fast-xml-parser from 4.3.2 to 4.4.1 #859

Closed

@dpilch dpilch commented Jul 30, 2024

Description of changes

Security patch for fast-xml-parser. Dependabot was not able to create this automatically because some deps rely on an exact version [email protected]. I created a resolution to the patched version of fast-xml-parser.

[email protected] is pulled in through various AWS SDK packages. The AWS SDK packages are dependencies of amplify-backend (which is only used as a test package in this repo).

npm list fast-xml-parser
[email protected] /Users/dppilche/amplify/amplify-codegen
├─┬ @aws-amplify/[email protected] -> ./packages/amplify-codegen-e2e-tests
│ ├─┬ @aws-amplify/[email protected]
│ │ ├─┬ @aws-amplify/[email protected]
│ │ │ └─┬ @aws-amplify/[email protected]
│ │ │   ├─┬ @aws-amplify/[email protected]
│ │ │   │ └─┬ @aws-amplify/[email protected] invalid: "^0.2.0" from node_modules/@aws-amplify/data-construct/node_modules/@aws-amplify/backend-output-storage
│ │ │   │   └─┬ @aws-sdk/[email protected]
│ │ │   │     └── [email protected]

API Category also has a resolution so I think there shouldn't be any ill effects from this. I've started an E2E test run to confirm.

E2E Tests


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
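
One way to confirm after install that such a resolution took effect on every path, as an added example that is not part of the PR or the project's code: it walks `npm ls --json`-style output and lists each dependency path that still resolves fast-xml-parser below 4.4.1. The sample tree and every package name in it other than fast-xml-parser are constructed for illustration.

```javascript
// Added example, not code from the PR. Target version taken from the PR title.
const PATCHED = "4.4.1";

// Compare plain "major.minor.patch" strings; pre-release suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk an `npm ls --json` style tree and return every dependency path that
// ends in `pkg` at a version lower than `minVersion`.
function findUnpatched(node, pkg, minVersion, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version || "?"}`];
    if (name === pkg && dep.version && cmpVersion(dep.version, minVersion) < 0) {
      hits.push(path.join(" > "));
    }
    // Nested copies can exist below any package, so always recurse.
    hits.push(...findUnpatched(dep, pkg, minVersion, path));
  }
  return hits;
}

// Constructed sample: one nested copy escaped the override, two are patched.
const sampleTree = {
  name: "example-monorepo",
  version: "1.0.0",
  dependencies: {
    "test-package": {
      version: "0.1.0",
      dependencies: {
        "sdk-client-a": { version: "3.0.0", dependencies: { "fast-xml-parser": { version: "4.3.2" } } },
        "sdk-client-b": { version: "3.1.0", dependencies: { "fast-xml-parser": { version: "4.4.1" } } },
      },
    },
    "fast-xml-parser": { version: "4.4.1" },
  },
};

console.log(findUnpatched(sampleTree, "fast-xml-parser", PATCHED));
```
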

@dpilch dpilch marked this pull request as ready for review July 31, 2024 17:31
@dpilch dpilch requested a review from a team as a code owner July 31, 2024 17:32
@dpilch dpilch enabled auto-merge (squash) July 31, 2024 17:32
@@ -131,7 +131,8 @@
"glob-parent": "^6.0.2",
"parse-url": "^8.1.0",
"graphql": "15.8.0",
"xml2js": "0.5.0"
"xml2js": "0.5.0",
"fast-xml-parser": "^4.4.1"
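
Review bot: The added `"fast-xml-parser": "^4.4.1"` entry is a caret range, while the neighbouring `graphql` and `xml2js` entries in the same block are pinned to exact versions (`15.8.0`, `0.5.0`). A range lets the forced version move to any later 4.x release the next time the lockfile is regenerated, and that applies to every consumer of the package at once. Consider pinning `"fast-xml-parser": "4.4.1"` to match the surrounding entries, or state in the description why a range is wanted, and note the condition under which this entry can be dropped again.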

aws-sdk has shipped a patch aws/aws-sdk-js-v3#6330
the team noticed this applying the same resolution to amplify backend


working on the fix now

@dpilch dpilch disabled auto-merge July 31, 2024 22:08
@dpilch dpilch marked this pull request as draft July 31, 2024 22:08
@dpilch dpilch closed this Aug 5, 2024