
USWDS-Site: Fix snyk errors #2672

Merged
merged 1 commit into from
May 14, 2024

Conversation

amyleadem
Contributor

Summary

Updated snyk ignore files

Problem statement

npx snyk test is throwing the following error:

Issues with no direct upgrade or patch:
  ✗ Uncontrolled resource consumption [High Severity][https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727] in [email protected]
    introduced by @uswds/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] and 7 other path(s)
  No upgrade or patch available
  ✗ Inefficient Regular Expression Complexity [High Severity][https://security.snyk.io/vuln/SNYK-JS-MICROMATCH-6838728] in [email protected]
    introduced by @uswds/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] and 6 other path(s)
  No upgrade or patch available

Solution

Updated snyk ignore. Ran the following on the command line:

npx snyk ignore --id="SNYK-JS-BRACES-6838727" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-MICROMATCH-6838728" --reason="No available upgrade or patch"

To keep all snyk ignores on the same schedule, I also ran the following:

npx snyk ignore --id="SNYK-JS-UNSETVALUE-2400660" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-ANSIREGEX-1583908" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-INFLIGHT-6095116" --reason="No available upgrade or patch" 

Testing and review

To test, run npx snyk test and check for errors.

Reference

Ignoring Snyk alerts (Google docs 🔒)
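An added example, not part of this PR or the USWDS project: a small audit over a constructed .snyk policy in the layout `snyk ignore` writes, reporting ignores that have lapsed, lapse within a week, or carry no reason, which is the "same schedule" concern in the Solution above. The one-'*'-path-per-id layout, the line-based parser, and all dates are assumptions made for the demonstration.

```python
import re
from datetime import datetime, timezone

# Constructed .snyk policy in the layout `snyk ignore` writes; dates and the empty reason are made up.
SAMPLE_POLICY = """\
version: v1.25.0
ignore:
  SNYK-JS-BRACES-6838727:
    - '*':
        reason: No available upgrade or patch
        expires: 2024-06-12T20:10:00.000Z
        created: 2024-05-13T20:10:00.000Z
  SNYK-JS-INFLIGHT-6095116:
    - '*':
        reason: No available upgrade or patch
        expires: 2024-05-20T00:00:00.000Z
        created: 2024-04-20T00:00:00.000Z
  SNYK-JS-ANSIREGEX-1583908:
    - '*':
        reason: ''
        expires: 2024-04-01T00:00:00.000Z
        created: 2024-03-02T00:00:00.000Z
"""
ID_RE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")  # two-space indented "<id>:" lines under ignore:
FIELD_RE = re.compile(r"^ {8}(reason|expires|created):\s*(.*)$")  # fields of the '*' path entry

def parse_policy(text):
    """Return {vuln_id: {reason, expires, created}} from the .snyk subset `snyk ignore` emits."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ID_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2).strip().strip("'\"")
    return entries

def audit_ignores(text, today, warn_days=7):
    """Flag ignores that have lapsed, lapse within warn_days, or carry no justification."""
    now = datetime.strptime(today, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    findings = []
    for vuln_id, f in parse_policy(text).items():
        expires = datetime.strptime(f["expires"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        days_left = (expires - now).days  # negative once the ignore has lapsed
        if days_left < 0:
            findings.append((vuln_id, "expired"))
        elif days_left <= warn_days:
            findings.append((vuln_id, "expires-soon"))
        if not f.get("reason"):
            findings.append((vuln_id, "no-reason"))
    return findings
```

Run `audit_ignores(open(".snyk").read(), "2024-05-14")` against a real policy file to see which ignores need re-review before `npx snyk test` starts failing again.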

@amyleadem amyleadem marked this pull request as ready for review May 13, 2024 20:11
@amyleadem amyleadem requested review from mejiaj and mahoneycm May 13, 2024 20:15
Contributor

@mahoneycm mahoneycm left a comment


LGTM! Should we add an issue to uswds-compile to look into updating these dependencies to resolve these issues?

Looking into it, it looks like it might be resolved by updating Gulp to 5.0.0. We can use uswds/uswds-compile#99 to track.

@heymatthenry heymatthenry merged commit e969209 into main May 14, 2024
8 of 11 checks passed