microsoft / vsts-extension-multivalue-control

A work item form control which allows selection of multiple values.
MIT License

Patching/Upgrading Vulnerable NPM Dependencies #184

Closed gamontal closed 2 years ago

gamontal commented 2 years ago

A recent NPM Audit scan reported over 70 different vulnerabilities from Moderate to Critical categories. Most of them were resolved via package upgrades, but a few others like webpack and typings required additional config modifications. This PR also removes the dependency on Typings, which is no longer supported and is vulnerable to Machine-In-The-Middle and Denial of Service attacks.
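The PR description above splits findings into three buckets: ones a plain package upgrade fixes, ones that need a breaking upgrade plus config work (webpack), and an unsupported dependency that simply has to go (typings). The script below is an added example, not code from this PR or the project, showing how to pull those buckets out of `npm audit --json` output (npm 7+, `auditReportVersion` 2) instead of reading 70 entries by hand. The report it parses is a constructed sample: package names echo the thread, but every severity, range, title and fix value is invented for illustration and is not real advisory data.

```javascript
// Added example (not from the PR or the project): triage an
// `npm audit --json` report into auto-fixable, breaking-upgrade and
// no-fix buckets. Report layout follows npm 7+ (auditReportVersion 2).

// Constructed sample report. Names echo the PR discussion; every
// severity, range, title and fix value is made up for illustration and
// is NOT real advisory data (real reports also carry `source` and `url`).
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    typings: {
      name: "typings",
      severity: "high",
      isDirect: true,
      via: [{ name: "typings", dependency: "typings", title: "constructed advisory A", severity: "high", range: "*" }],
      effects: [],
      range: "*",
      nodes: ["node_modules/typings"],
      fixAvailable: false, // no patched release: remove the dependency
    },
    webpack: {
      name: "webpack",
      severity: "moderate",
      isDirect: true,
      via: [{ name: "webpack", dependency: "webpack", title: "constructed advisory B", severity: "moderate", range: "<5.0.0" }],
      effects: [],
      range: "<5.0.0",
      nodes: ["node_modules/webpack"],
      fixAvailable: { name: "webpack", version: "5.0.0", isSemVerMajor: true }, // breaking upgrade
    },
    minimist: {
      name: "minimist",
      severity: "critical",
      isDirect: false,
      via: [{ name: "minimist", dependency: "minimist", title: "constructed advisory C", severity: "critical", range: "<1.2.6" }],
      effects: ["mkdirp"],
      range: "<1.2.6",
      nodes: ["node_modules/minimist"],
      fixAvailable: true,
    },
    mkdirp: {
      name: "mkdirp",
      severity: "critical",
      isDirect: true,
      via: ["minimist"], // vulnerable only through its dependency on minimist
      effects: [],
      range: "0.4.1 - 0.5.1",
      nodes: ["node_modules/mkdirp"],
      fixAvailable: true,
    },
  },
};

const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// npm's `fixAvailable` is `true`, `false`, or an object describing the
// upgrade that clears the finding (with `isSemVerMajor` when it breaks).
function classifyFix(fixAvailable) {
  if (fixAvailable === false) return { action: "no-fix" };
  if (fixAvailable === true) return { action: "audit-fix" };
  return {
    action: fixAvailable.isSemVerMajor ? "major-upgrade" : "upgrade",
    target: `${fixAvailable.name}@${fixAvailable.version}`,
  };
}

// Flatten the report into rows ordered by severity, direct deps first.
function triage(report) {
  const rows = Object.values(report.vulnerabilities || {}).map((v) => {
    // `via` mixes advisory objects (the root cause) with package-name
    // strings (the finding is inherited from that dependency).
    const advisories = v.via.filter((x) => typeof x === "object").map((a) => a.title);
    const inheritedFrom = v.via.filter((x) => typeof x === "string");
    return {
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      advisories,
      inheritedFrom,
      ...classifyFix(v.fixAvailable),
    };
  });
  rows.sort((a, b) => {
    const s = SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity];
    return s !== 0 ? s : Number(b.direct) - Number(a.direct);
  });
  return rows;
}

// Roll up counts per severity and list what still needs a human decision.
function summarize(rows) {
  const bySeverity = {};
  for (const r of rows) bySeverity[r.severity] = (bySeverity[r.severity] || 0) + 1;
  return {
    total: rows.length,
    bySeverity,
    autoFixable: rows.filter((r) => r.action === "audit-fix").map((r) => r.name),
    breakingUpgrades: rows.filter((r) => r.action === "major-upgrade").map((r) => `${r.name} -> ${r.target}`),
    unfixable: rows.filter((r) => r.action === "no-fix").map((r) => r.name),
  };
}

console.log(JSON.stringify(summarize(triage(sampleReport)), null, 2));
```

In a real repository, replace `sampleReport` with `JSON.parse` of the captured `npm audit --json` output; the `autoFixable` list is what `npm audit fix` handles, `breakingUpgrades` is where build config (webpack here) has to be revisited, and `unfixable` is the list of packages to replace or drop.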

gamontal commented 2 years ago

Hi @obvioussean - Reaching out to you since you were the last to review and merge a PR in this project :). I've successfully tested these changes in a private org. Please let me know if you have any questions or concerns. Thanks!

obvioussean commented 2 years ago

@gamontal this looks fine but since I'm no longer involved with the team, I'm hesitant to approve it. @micarls may be a more appropriate approver at this point.

gamontal commented 2 years ago

Thanks for reviewing and pointing me to the right contact @obvioussean! @micarls Please let me know if you have any questions or concerns.

MOlausson commented 2 years ago

@gamontal @obvioussean @micarls I'll take a look at this. I'm part of the team taking over support for this and a bunch of other MS DevLabs extensions (see https://devblogs.microsoft.com/devops/azure-boards-fall-update/). We're starting a general overhaul of the extensions to release updates with patching and fixes to the most asked for fixes/features. Stay tuned for more updates!

MOlausson commented 2 years ago

@gamontal agree with @obvioussean, this looks good. Thanks for your contribution.

MOlausson commented 2 years ago

@gamontal we're going to release an update after it's been tested on Azure DevOps server as well.

gamontal commented 2 years ago

Hello @MOlausson, thanks again for giving context into the support/ownership changes for this project and merging my patches. I was wondering if there is an established ETA to get this extension updated and published to the Marketplace?