Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
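ID: 0042957
Project: Openbravo ERP
Category: A. Platform
View Status: public
Date Submitted: 2020-01-21 18:34
Last Update: 2020-01-28 13:22
Reporter: shuehner
Assigned To: jarmendariz
Priority: urgent
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed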
5
 
Fixed in Version: 3.0PR20Q2
Review Assigned To: alostale
Modules: Core
Triggers an Emergency Pack: No
0042957: Update package-lock.json to fix npm-reported vulnerabilities
Using npm install as a necessary step for the jslint & formatter tools in pi shows the following warning:
found 12 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

The cause is package-lock.json fixing some npm packages to older versions that still have those issues.

package-lock.json should be updated to pull in the latest versions of the dependencies.
Use npm install in a clone of pi and review output
No tags attached.
related to | defect 0043705 | closed | platform | Fix security issues in npm dependencies
Issue History
2020-01-21 18:34 | shuehner | New Issue
2020-01-21 18:34 | shuehner | Assigned To | => platform
2020-01-21 18:34 | shuehner | Modules | => Core
2020-01-21 18:34 | shuehner | Triggers an Emergency Pack | => No
2020-01-24 08:50 | jarmendariz | Assigned To | platform => jarmendariz
2020-01-24 08:51 | jarmendariz | Status | new => scheduled
2020-01-24 13:35 | jarmendariz | Note Added: 0117235
2020-01-24 13:35 | jarmendariz | Status | scheduled => resolved
2020-01-24 13:35 | jarmendariz | Fixed in Version | => 3.0PR20Q2
2020-01-24 13:35 | jarmendariz | Fixed in SCM revision | => c5ff57ca6732
2020-01-24 13:35 | jarmendariz | Resolution | open => fixed
2020-01-28 13:22 | alostale | Review Assigned To | => alostale
2020-01-28 13:22 | alostale | Status | resolved => closed
2020-04-08 10:58 | jarmendariz | Relationship added | related to 0043705

Notes
(0117235)
jarmendariz   
2020-01-24 13:35   
Repository: erp/devel/pi
Changeset: c5ff57ca6732
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Thu Jan 24 08:55:59 2020 +0100
URL: https://code.openbravo.com/erp/devel/pi/rev/c5ff57ca6732

FIX-42957: Update package-lock to fix npm vulnerabilities.

---
M modules/org.openbravo.client.kernel/jsutils/check-npm-deps
M package-lock.json
---