Remove cookie support. #485

Merged
merged 2 commits into from
Jul 6, 2023

astegmaier

This addresses #483 and supersedes PR #484. There is a security vulnerability in the tough-cookie package for versions <4.3.1 - see https://nvd.nist.gov/vuln/detail/CVE-2023-26136. Previously @azure/ms-rest-js depended on ^3.0.0, which locked tough-cookie to an unsecure version.

After discussion with @xirzec, we concluded the right resolution was to remove the dependency entirely, similar to what was done in azure-sdk-for-js PR 24660, which was the model for this PR.

Testing

Build (npm run build) and tests (npm run test) continue to succeed with this upgrade.
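
Added example (not part of this PR or the project's code): a small lockfile audit that reports installed `tough-cookie` copies below a given floor and whether each dependent's caret range can resolve to a fixed release at all, which is why a `^3.0.0` dependent cannot be fixed by updating alone. The lockfile contents are constructed, and the floor is a parameter set here to the version quoted in the PR description.

```javascript
// Parse "x.y.z[-pre][+build]"; remember a prerelease so "4.3.1-rc.1" < "4.3.1".
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.+)?$/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { parts: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a.parts[i] !== b.parts[i]) return a.parts[i] < b.parts[i];
  }
  return a.pre && !b.pre;
}

// "^M.m.p" with M >= 1 means >=M.m.p <(M+1).0.0, so it can resolve to a fixed
// release only when the floor is below (M+1).0.0.
function caretCanReach(range, floor) {
  const m = /^\^([1-9]\d*)\.\d+\.\d+$/.exec(range);
  if (!m) return null; // not a simple caret range: review by hand
  return isBelow(floor, `${Number(m[1]) + 1}.0.0`);
}

// Walk a lockfile v2/v3 "packages" map: list installed copies of `name` below
// `floor`, and for every dependent say whether its range admits a fixed release.
function auditLock(lock, name, floor) {
  const installed = [], requesters = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${name}`) && isBelow(meta.version, floor)) {
      installed.push({ path, version: meta.version });
    }
    const range = (meta.dependencies || {})[name];
    if (range) requesters.push({ path: path || "(root)", range, canReachFix: caretCanReach(range, floor) });
  }
  return { installed, requesters };
}

const sampleLock = { // constructed sample, not the project's real lockfile
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@azure/ms-rest-js": "2.6.6", "tough-cookie": "^4.0.0" } },
    "node_modules/@azure/ms-rest-js": { version: "2.6.6", dependencies: { "tough-cookie": "^3.0.0" } },
    "node_modules/tough-cookie": { version: "4.0.0" },
    "node_modules/@azure/ms-rest-js/node_modules/tough-cookie": { version: "3.0.1" },
  },
};
const FLOOR = "4.3.1"; // value quoted in the PR description
console.log(JSON.stringify(auditLock(sampleLock, "tough-cookie", FLOOR), null, 2));
```

A `canReachFix` of `false` means the dependent itself has to change (or drop) the dependency; `null` marks a range the helper does not interpret.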

Member

@xirzec xirzec left a comment


@astegmaier can you bump the version in

msRestVersion: "2.6.6",
and in package.json, and add a Changelog.md entry?

That should be all that is needed to make the CI happy and allow us to release.

@astegmaier
Author

> @astegmaier can you bump the version in
>
> msRestVersion: "2.6.6",
>
> and in package.json, and add a Changelog.md entry?
> That should be all that is needed to make the CI happy and allow us to release.

Done.

Member

@xirzec xirzec left a comment


LGTM!

@xirzec xirzec merged commit d052744 into Azure:master Jul 6, 2023
13 of 15 checks passed
@xirzec
Member

xirzec commented Jul 6, 2023

@astegmaier 2.7.0 should be live now https://www.npmjs.com/package/@azure/ms-rest-js/v/2.7.0
