fix: update cookie-tough dependency #6772

Merged
merged 2 commits into from
Jul 11, 2023

@tommasini tommasini commented Jul 10, 2023

Description
This PR aims to solve vulnerabilities found

Vulnerability Found:
Severity: MODERATE
Modules: @metamask/network-controller>web3-provider-engine>request>tough-cookie, @metamask/assets-controllers>@metamask/network-controller>web3-provider-engine>request>tough-cookie
URL: GHSA-72xf-g2v4-qvf3
Vulnerability Found:
Severity: MODERATE
Modules: @metamask/network-controller>web3-provider-engine>request>tough-cookie, @metamask/assets-controllers>@metamask/network-controller>web3-provider-engine>request>tough-cookie
URL: GHSA-72xf-g2v4-qvf3

Screenshots/Recordings

Wallet with zero balance changing networks:
https://recordit.co/ZuOnh6Z14H
Imported account -> imported tokens, imported nfts (automatically and manually)
https://recordit.co/f09WdFAkW6 (import nft manually)
https://recordit.co/9TWRuGY56I
Transactions (e2e test dapp, send flow and almost swap on uniswap)
https://recordit.co/Hx921Okotm

E2E QA:
https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/d5caec38-1f19-4536-b180-3541cf4cda40

Issue

Progresses #???

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented

@github-actions

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@tommasini tommasini added the needs-dev-review, Spot Check on the Release Build, and release-7.4.0 labels Jul 10, 2023
@MarioAslau MarioAslau self-requested a review July 10, 2023 16:05

@MarioAslau MarioAslau left a comment

Looks good!

@tommasini tommasini added the No QA Needed label and removed the Spot Check on the Release Build label Jul 10, 2023
@Gudahtt Gudahtt mentioned this pull request Jul 11, 2023
3 tasks
@sonarcloud
sonarcloud bot commented Jul 11, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

@sethkfman sethkfman left a comment

LGTM

@tommasini tommasini merged commit 57671ff into main Jul 11, 2023
11 checks passed
@tommasini tommasini deleted the fix/tough-cookie branch July 11, 2023 15:41
@github-actions github-actions bot removed the needs-dev-review label Jul 11, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Jul 11, 2023
Labels
No QA Needed, release-7.4.0
3 participants