[7.113.x] CRW-9679: Fix CVE-2025-64756 by updating glob to 10.5.0 #630
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mykhailo Kuznietsov <[email protected]>
Signed-off-by: Mykhailo Kuznietsov <[email protected]>
Signed-off-by: Roman Nikitenko <[email protected]>
Signed-off-by: Roman Nikitenko <[email protected]>
Signed-off-by: Roman Nikitenko <[email protected]>
…cker (che-incubator#610) * Upgrade Jest to 29.7.0 in che-remote and remove from che-activity-tracker che-remote: - Upgraded Jest from 27.3.1 to 29.7.0 - Updated @types/jest from ^27.4.0 to ^29.5.0 - Updated ts-jest from 27.0.7 to 29.4.5 - All tests pass successfully che-activity-tracker: - Removed Jest dependencies (jest, @types/jest, ts-jest) - Removed test script (no tests exist in this extension) - Removed jsdom overrides (no longer needed without Jest) - Reduced package count from 283 to 6 packages This brings che-remote in line with other che extensions using Jest 29.7.0, while removing unnecessary testing infrastructure from che-activity-tracker. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> * added typescript as dev dependency, similar to launcher code --------- Co-authored-by: Claude <[email protected]>
Signed-off-by: Roman Nikitenko <[email protected]>
Updated @vscode/test-cli and @vscode/test-web packages which include the patched [email protected] version, addressing CVE-2025-64756 (glob CLI command injection vulnerability). Additional changes: - Added TypeScript as dev dependency to che-api, che-port, and che-resource-monitor extensions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]> Signed-off-by: Stephane Bouchet <[email protected]>
sbouchet
requested review from
RomanNikitenko,
azatsarynnyy and
vitaliy-guliy
as code owners
|
@sbouchet: This pull request references CRW-9679 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the vulnerability to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Click here to review and test in web IDE: |
&message=Dev%20cluster%20(for%20maintainers)&logo=eclipseche&color=525C86&labelColor=FDB940)
|
Pull Request images published ✨ Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-630-amd64 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
What issues does this PR fix?
backport of #611
How to test this PR?
Does this PR contain changes that override default upstream Code-OSS behavior?
git rebasewere added to the .rebase folder