Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #49377 Back to Issue ]
Summary 0049377: nexoprovider module pacakge.json semver should be reviewed and package-lock.json should be updated
Revision 2022-06-20 17:51 by adrianromero
Description a.) package.json of nexoprovider module hardcodes versions of its dependencies very strictly.

That should be reviewed and unless special reason exists more typical ^ semver instead of = should be used.

JSONIX part is managed in the related design defect https://issues.openbravo.com/view.php?id=49609 [^]

b.1) npm audit issues (easy)
run "npm audit fix"

b.2) npm audit issues
xmldom avoiding old versions is still not possible as depended upon by jsonix@3.0.0

c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar including outdated other libraries
jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2)
jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1)

Note:
- jsonix upstream seems to not have released a new version >3.0.0 yet

Revision 2022-06-20 17:49 by adrianromero
Description a.) package.json of nexoprovider module hardcodes versions of its dependencies very strictly.

That should be reviewed and unless special reason exists more typical ^ semver instead of = should be used.

b.1) npm audit issues (easy)
run "npm audit fix"

b.2) npm audit issues
xmldom avoiding old versions is still not possible as depended upon by jsonix@3.0.0

c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar including outdated other libraries
jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2)
jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1)

Note:
- jsonix upstream seems to not have released a new version >3.0.0 yet



Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker