[Snyk] Security upgrade @backstage/plugin-techdocs from 0.0.0-use.local to 0.1.1 #6796
…abilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-7984421
Reviewer's Guide
This PR pins the @backstage/plugin-techdocs dependency to version 0.1.1 in package.json, replacing the local workspace reference to address a Prototype Pollution vulnerability flagged by Snyk.
⛔ Snyk checks have failed. 98 issues have been found so far.
This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!
🔒 Entelligence AI Vulnerability Scanner
✅ No security vulnerabilities found! Your code passed our comprehensive security analysis.
Walkthrough
This PR updates the dependency configuration in the techdocs-cli-embedded-app package by pinning the '@backstage/plugin-techdocs' dependency to a specific version (0.1.1) instead of using a workspace reference. This change ensures that the embedded app uses a stable, known version of the techdocs plugin rather than potentially pulling in breaking changes from the latest workspace version.
Sequence Diagram
This diagram shows the interactions between components:
sequenceDiagram
title TechDocs CLI Embedded App Dependency Resolution
participant User as "Developer"
participant PM as "Package Manager (npm/yarn)"
participant App as "techdocs-cli-embedded-app"
participant Registry as "Package Registry"
participant TechDocs as "@backstage/plugin-techdocs"
participant OtherDeps as "Other Dependencies"
User->>PM: Install dependencies
activate PM
PM->>App: Read package.json
Note over App: Before: workspace reference<br>After: pinned to v0.1.1
PM->>Registry: Request @backstage/plugin-techdocs@0.1.1
Registry-->>PM: Return specific version 0.1.1
PM->>OtherDeps: Request workspace dependencies
OtherDeps-->>PM: Return latest workspace versions
PM-->>User: Dependencies installed
deactivate PM
Note over User,TechDocs: Impact: techdocs-cli-embedded-app<br>now uses a fixed version of the<br>TechDocs plugin instead of<br>the latest workspace version
LGTM 👍
Walkthrough
This PR updates the dependency configuration in the techdocs-cli-embedded-app package by pinning the '@backstage/plugin-techdocs' dependency to a specific version (0.1.1) instead of using a workspace reference. This change ensures stability and compatibility by preventing automatic updates to newer workspace versions that might introduce breaking changes. The fixed version approach provides more predictable behavior for the techdocs-cli-embedded-app.
LGTM 👍
Walkthrough
This pull request modifies the dependency management strategy for the techdocs-cli-embedded-app package. The change replaces the workspace protocol reference for the '@backstage/plugin-techdocs' dependency with a specific pinned version (0.1.1). This transition from a dynamic workspace reference to a fixed version number indicates a shift toward version stability and controlled dependency resolution. The modification likely supports scenarios such as preparing the package for publication, ensuring compatibility with specific plugin versions, or preventing unexpected breaking changes from workspace updates.
Sequence Diagram
This diagram shows the interactions between components:
sequenceDiagram
participant Dev as Developer
participant CLI as techdocs-cli-embedded-app
participant PM as Package Manager
participant WS as Workspace (Local)
participant NPM as NPM Registry
Note over Dev,NPM: Before Change (workspace:^)
Dev->>PM: Install dependencies
PM->>CLI: Resolve @backstage/plugin-techdocs
CLI->>PM: Request workspace:^
PM->>WS: Fetch from local workspace
WS-->>PM: Return local package
PM-->>CLI: Link local dependency
Note over Dev,NPM: After Change (0.1.1)
Dev->>PM: Install dependencies
PM->>CLI: Resolve @backstage/plugin-techdocs
CLI->>PM: Request version 0.1.1
PM->>NPM: Fetch from registry
NPM-->>PM: Return published package v0.1.1
PM-->>CLI: Install npm dependency
Walkthrough
This pull request modifies the dependency management strategy for the techdocs-cli-embedded-app package. The change replaces the workspace protocol reference for the '@backstage/plugin-techdocs' dependency with a specific pinned version (0.1.1). This transition from a dynamic workspace reference to a fixed version number indicates a shift toward version stability and controlled dependency resolution. The modification ensures that the embedded app will consistently use version 0.1.1 of the techdocs plugin, which may be necessary for compatibility guarantees, production deployment requirements, or package publication preparation.
Sequence Diagram
This diagram shows the interactions between components:
sequenceDiagram
participant Dev as Developer
participant PM as Package Manager
participant Local as Local Workspace
participant Registry as NPM Registry
participant App as techdocs-cli-embedded-app
Note over Dev,App: Before: workspace:^ dependency
Dev->>PM: Install dependencies (before)
PM->>Local: Resolve @backstage/plugin-techdocs
Local-->>PM: Return local workspace version
PM->>App: Link local plugin-techdocs
Note over Dev,App: After: 0.1.1 specific version
Dev->>PM: Install dependencies (after)
PM->>Registry: Fetch @backstage/plugin-techdocs@0.1.1
Registry-->>PM: Return version 0.1.1
PM->>App: Install plugin-techdocs@0.1.1
Note over App: App now uses fixed version<br/>instead of local workspace
Walkthrough
This pull request implements a comprehensive update to the application's infrastructure and functionality. It introduces new cron job configurations for automated polling tasks, adds Django management commands for both test polling and document polling operations with integrated logging capabilities, and includes minor code formatting improvements. The changes focus on establishing a scheduled task execution framework through cron jobs while providing the necessary command-line tools to support these operations. Additionally, cleanup commands are included to manage old cron job backup files, ensuring the system maintains a clean state over time.
Sequence Diagram
This diagram shows the interactions between components:
sequenceDiagram
participant Dev as Developer
participant PM as Package Manager
participant WS as Workspace Registry
participant NPM as NPM Registry
participant App as techdocs-cli-embedded-app
Dev->>PM: npm/yarn install
Note over PM,App: Processing dependencies
PM->>App: Read package.json
alt Before Change (workspace:^)
PM->>WS: Resolve @backstage/plugin-techdocs
WS-->>PM: Return local workspace version
PM->>App: Link local workspace package
else After Change (0.1.1)
PM->>NPM: Resolve @backstage/plugin-techdocs@0.1.1
NPM-->>PM: Return published version 0.1.1
PM->>App: Install specific version 0.1.1
end
Note over App: Dependency resolution complete<br/>with pinned version
EntelligenceAI PR Summary
This PR establishes automated polling infrastructure with cron jobs and Django management commands for scheduled task execution.
- .ebextensions/polling.config to run polling script every 10 minutes
- poll_test.py management command for test polling with logging
- poll_docs.py handle method