Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tech story: [M3-8386] - Update storybook to take care of tar vulnerability #10934

Merged
merged 2 commits into from
Sep 13, 2024
Merged

tech story: [M3-8386] - Update storybook to take care of tar vulnerability #10934

merged 2 commits into from
Sep 13, 2024

Conversation

coliu-akamai
Copy link
Contributor

@coliu-akamai coliu-akamai commented Sep 13, 2024
edited
Loading

Description πŸ“

Changes πŸ”„

  • upgrade Storybook to 8.3.0

Target release date πŸ—“οΈ

n/a

How to test πŸ§ͺ

  • confirm giget dependency (and therefore tar 6.2.0) is removed from yarn.lock
  • Run/build storybook locally to confirm no regression was introduced with this update

As an Author I have considered πŸ€”

Check all that apply

  • πŸ‘€ Doing a self review
  • ❔ Our contribution guidelines
  • 🀏 Splitting feature into small PRs
  • βž• Adding a changeset
  • πŸ§ͺ Providing/Improving test coverage
  • πŸ” Removing all sensitive information from the code and PR description
  • 🚩 Using a feature flag to protect the release
  • πŸ‘£ Providing comprehensive reproduction steps
  • πŸ“‘ Providing or updating our documentation
  • πŸ•› Scheduling a pair reviewing session
  • πŸ“± Providing mobile support
  • β™Ώ Providing accessibility support

@coliu-akamai coliu-akamai self-assigned this Sep 13, 2024
@coliu-akamai coliu-akamai marked this pull request as ready for review September 13, 2024 14:29
@coliu-akamai coliu-akamai requested a review from a team as a code owner September 13, 2024 14:29
@coliu-akamai coliu-akamai requested review from dwiley-akamai and cpathipa and removed request for a team September 13, 2024 14:29
bnussman-akamai
bnussman-akamai approved these changes Sep 13, 2024
View reviewed changes
Copy link
Member

@bnussman-akamai bnussman-akamai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Storybook is actually removing dependencies? 😲 I must be dreaming πŸ’­

Storybook looks when running locally βœ…
Cloud manager local dev works as expected βœ…
tar is no longer a dependency of our repo βœ… πŸŽ‰

@github-actions GitHub Actions
Copy link

Coverage Report: βœ…
Base Coverage: 86.64%
Current Coverage: 86.64%

@coliu-akamai coliu-akamai added the Add'tl Approval Needed Waiting on another approval! label Sep 13, 2024
@mjac0bs
Copy link
Contributor

mjac0bs commented Sep 13, 2024

Storybook is actually removing dependencies? 😲 I must be dreaming πŸ’­

They highlighted the change, too. I wonder how many complaints they get. πŸ˜„

image

mjac0bs
mjac0bs approved these changes Sep 13, 2024
View reviewed changes
Copy link
Contributor

@mjac0bs mjac0bs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

βœ… Building and running Storybook 8.3.0 locally works without regressions:
Screenshot 2024-09-13 at 8 16 39β€―AM
Screenshot 2024-09-13 at 8 18 51β€―AM

βœ… tar and giget deps do not exist in yarn.lock.

@mjac0bs mjac0bs added Approved Multiple approvals and ready to merge! and removed Add'tl Approval Needed Waiting on another approval! labels Sep 13, 2024
@coliu-akamai coliu-akamai merged commit f04dfcb into linode:develop Sep 13, 2024
19 checks passed
@coliu-akamai coliu-akamai added Ready for Review and removed Approved Multiple approvals and ready to merge! labels Sep 13, 2024
nikhagra-akamai pushed a commit to nikhagra-akamai/manager that referenced this pull request Sep 23, 2024
@coliu-akamai @nikhagra-akamai
tech story: [M3-8386] - Update storybook to take care of tar vulnerab…
9f11737 
…ility (linode#10934)

* update storybook to take care of tar vulnerability

* Added changeset: Update storybook to take care of tar vulnerability
This was referenced Sep 25, 2024
Merged
Merged
@coliu-akamai coliu-akamai deleted the m3-8386-fix-tar branch October 9, 2024 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bnussman-akamai bnussman-akamai bnussman-akamai approved these changes

@mjac0bs mjac0bs mjac0bs approved these changes

@dwiley-akamai dwiley-akamai Awaiting requested review from dwiley-akamai dwiley-akamai is a code owner automatically assigned from linode/frontend

@cpathipa cpathipa Awaiting requested review from cpathipa cpathipa is a code owner automatically assigned from linode/frontend

Assignees

@coliu-akamai coliu-akamai

Labels
Ready for Review Storybook
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@coliu-akamai @mjac0bs @bnussman-akamai