Upgrade tar from 4.4.13/6.0.2 to 6.1.6 #704

Merged
merged 1 commit into from
Sep 1, 2021

Contributor

@tmarkley tmarkley commented Aug 5, 2021

Description

Requires tar 6.1.6 - upgrade from 4.4.13 and 6.0.2

There are no breaking changes from 4.4 to 6.0, so I chose to upgrade instead of bumping each of the minor versions.

Signed-off-by: Tommy Markley markleyt@amazon.com

Before:

```
$ yarn why tar
yarn why v1.22.10
[1/4] Why do we have the module "tar"...?
[2/4] Initialising dependency graph...
warning Resolution field "typescript@4.0.2" is incompatible with requested version "typescript@~3.7.2"
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "tar@4.4.13"
info Has been hoisted to "tar"
info Reasons this module exists
   - "workspace-aggregator-423cef4e-f2ec-4da7-ac0c-aa47624bf810" depends on it
   - Specified in "dependencies"
   - Hoisted from "_project_#tar"
info Disk size without dependencies: "320KB"
info Disk size with unique dependencies: "544KB"
info Disk size with transitive dependencies: "648KB"
info Number of shared dependencies: 8
=> Found "geckodriver#tar@6.0.2"
info This module exists because "_project_#geckodriver" depends on it.
=> Found "cacache#tar@6.0.2"
info This module exists because "_project_#cacache" depends on it.
=> Found "node-gyp#tar@6.0.2"
info This module exists because "_project_#re2#node-gyp" depends on it.
Done in 1.41s.
```

Removing the resolution in the future will require upgrading geckodriver (which doesn't have a version that uses tar@6.1.6), cacache, and re2.

Issues Resolved

Addresses GHSA-3jfq-g458-7qm9

Testing

Screen Shot 2021-08-31 at 7 25 15 PM

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

@tmarkley tmarkley added dependencies Pull requests that update a dependency file v1.1.0 labels Aug 5, 2021
@tmarkley tmarkley self-assigned this Aug 5, 2021
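
An added example, not part of the pull request or the project's code: a Node.js check that parses `yarn why tar` output of the form quoted in the description and lists every resolved copy older than the 6.1.6 target, so a later removal of the resolution can be verified. The function names and the sample string are constructed for illustration.

```javascript
'use strict';

// Constructed sample: "Found" lines taken from the yarn v1 output quoted in the PR description.
const SAMPLE_BEFORE = [
  '=> Found "tar@4.4.13"',
  'info Has been hoisted to "tar"',
  '=> Found "geckodriver#tar@6.0.2"',
  'info This module exists because "_project_#geckodriver" depends on it.',
  '=> Found "cacache#tar@6.0.2"',
  '=> Found "node-gyp#tar@6.0.2"',
].join('\n');

// Compare two plain x.y.z versions numerically (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Extract every resolved copy of `pkg` from `yarn why` output.
// Returns [{ parent, version }]; parent is null for the hoisted top-level copy.
function parseYarnWhy(output, pkg) {
  const re = /^=> Found "(?:(.+)#)?([^"#]+)@(\d+\.\d+\.\d+)"$/;
  const found = [];
  for (const line of output.split('\n')) {
    const m = re.exec(line.trim());
    if (m && m[2] === pkg) found.push({ parent: m[1] || null, version: m[3] });
  }
  return found;
}

// Copies of `pkg` whose version is below `minVersion`.
function findOutdated(output, pkg, minVersion) {
  return parseYarnWhy(output, pkg).filter(
    (c) => compareVersions(c.version, minVersion) < 0
  );
}

// 6.1.6 is the version this PR requires.
for (const c of findOutdated(SAMPLE_BEFORE, 'tar', '6.1.6')) {
  console.log(`${c.parent || '(top level)'}: tar@${c.version}`);
}
```
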
@opensearch-ci-bot
Collaborator

✅   DCO Check Passed ef10093

boktorbb
boktorbb previously approved these changes Aug 11, 2021
@kavilla
Member

kavilla commented Aug 31, 2021

Won't be in 1.0.1. Do all the build commands work?

@tmarkley
Contributor Author

> Won't be in 1.0.1. Do all the build commands work?

@kavilla do we need to manually test some of the build commands?

Addresses GHSA-3jfq-g458-7qm9

Requires [tar](https://github.com/npm/node-tar) 6.1.6 - upgrade from 4.4.13 and 6.0.2
- [Release notes](https://github.com/npm/node-tar/releases/tag/v6.1.6)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v6.1.6)

There are no breaking changes from 4.4 to 6.0, so I chose to upgrade
instead of bumping each of the minor versions.

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@opensearch-ci-bot
Collaborator

✅   DCO Check Passed 46bc9d9

Contributor

@seanneumann seanneumann left a comment

LGTM

@tmarkley tmarkley merged commit 27ee024 into opensearch-project:main Sep 1, 2021
@tmarkley tmarkley deleted the deps-tar branch September 1, 2021 18:52
tmarkley pushed a commit to tmarkley/OpenSearch-Dashboards that referenced this pull request Sep 1, 2021
tmarkley pushed a commit that referenced this pull request Sep 1, 2021