Project:
View Revisions: Issue #49377 | [ Back to Issue ] | ||
Summary | 0049377: nexoprovider module pacakge.json semver should be reviewed and package-lock.json should be updated | ||
Revision | 2022-06-20 17:51 by adrianromero | ||
Description | a.) package.json of nexoprovider module hardcodes versions of its dependencies very strictly. That should be reviewed and unless special reason exists more typical ^ semver instead of = should be used. JSONIX part is managed in the related design defect https://issues.openbravo.com/view.php?id=49609 [^] b.1) npm audit issues (easy) run "npm audit fix" b.2) npm audit issues xmldom avoiding old versions is still not possible as depended upon by jsonix@3.0.0 c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar including outdated other libraries jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2) jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1) Note: - jsonix upstream seems to not have released a new version >3.0.0 yet |
||
Revision | 2022-06-20 17:49 by adrianromero | ||
Description | a.) package.json of nexoprovider module hardcodes versions of its dependencies very strictly. That should be reviewed and unless special reason exists more typical ^ semver instead of = should be used. b.1) npm audit issues (easy) run "npm audit fix" b.2) npm audit issues xmldom avoiding old versions is still not possible as depended upon by jsonix@3.0.0 c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar including outdated other libraries jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2) jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1) Note: - jsonix upstream seems to not have released a new version >3.0.0 yet |
Copyright © 2000 - 2009 MantisBT Group |