Openbravo Issue Tracking System - POS2
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0046777POS2Corepublic2021-05-21 10:292021-07-16 11:28
Reportershuehner 
Assigned Toplatform 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0046777: Update package-lock.json to fix npm audit issues
Descriptionnpm audit reports problems which should be fixed by updating versions in the package-lock.json

found 7201 vulnerabilities (267 moderate, 6934 high) in 2679 scanned packages
  run `npm audit fix` to fix 7109 of them.
  2 vulnerabilities require semver-major dependency updates.
  90 vulnerabilities require manual review. See the full report for details.

Grouping them to causing package:
$ npm audit | grep 'Package' | sort | uniq -c
     30 │ Package │ browserslist
      5 │ Package │ css-what
      1 │ Package │ dns-packet
     26 │ Package │ glob-parent
     88 │ Package │ hosted-git-info
   6916 │ Package │ lodash
    102 │ Package │ postcss
     10 │ Package │ prismjs
      8 │ Package │ ssri
      2 │ Package │ url-parse
     13 │ Package │ ws
Steps To Reproducecd modules/org.openbravo.core2/web-jspack/org.openbravo.core2
npm audit
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 0046775PR21Q3 closed AugustoMauch Openbravo ERP Update package-lock.json to fix npm audit issues 
related to design defect 0047411 closed Triage Platform Base POS2 npm audit reports issues for CRA 
related to design defect 0047415 closed Triage Platform Base POS2 npm audit reports issues for Storybook 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-05-21 10:29shuehnerNew Issue
2021-05-21 10:29shuehnerAssigned To => Retail
2021-05-21 10:29shuehnerTriggers an Emergency Pack => No
2021-05-21 18:20guilleaerAssigned ToRetail => platform
2021-05-21 18:20guilleaerStatusnew => acknowledged
2021-05-21 18:21guilleaerResolution time => 1626818400
2021-05-21 18:21guilleaerResolution time1626818400 => 1625522400
2021-05-26 17:11shuehnerStatusacknowledged => scheduled
2021-05-26 17:12shuehnerResolution time1625522400 =>
2021-05-26 17:13shuehnerSeverityminor => major
2021-05-26 17:18guilleaerResolution time => 1623794400
2021-05-26 17:19guilleaerRelationship addedrelated to 0046775
2021-05-26 17:19guilleaerNote Added: 0128685
2021-06-22 11:32shuehnerResolution time1623794400 => 1627509600
2021-07-14 18:01shuehnerNote Added: 0130482
2021-07-14 18:01shuehnerDescription Updatedbug_revision_view_page.php?rev_id=22888#r22888
2021-07-15 12:57hgbotNote Added: 0130508
2021-07-16 11:28hgbotResolutionopen => fixed
2021-07-16 11:28hgbotStatusscheduled => closed
2021-07-16 11:28hgbotNote Added: 0130533
2021-07-16 11:28hgbotNote Added: 0130534
2021-07-19 12:59alostaleRelationship addedrelated to 0047411
2021-07-20 07:04alostaleRelationship addedrelated to 0047415

Notes
(0128685)
guilleaer   
2021-05-26 17:19   
would make sense to do with same person as 46775 (for platform backoffice)
(0130482)
shuehner   
2021-07-14 18:01   
Updating list of packages to update as of 2021-07-14
(0130508)
hgbot   
2021-07-15 12:57   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/596 [^]
(0130533)
hgbot   
2021-07-16 11:28   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: 80e72534ec30f8f8f3050f8309a958352535bfd2
Author: Asier Lostalé <asier.lostale@openbravo.com>
Date: 2021-07-16T09:28:05+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/80e72534ec30f8f8f3050f8309a958352535bfd2 [^]

fixes ISSUE-46777: updates to fix npm audit

On top of automatic `npm audit fix` updates, the following libraries
have also been updated:

* react: 17.0.1 -> 17.0.2
* react-scripts: 4.0.0 -> 4.0.3

---
M web-jspack/org.openbravo.core2/package-lock.json
M web-jspack/org.openbravo.core2/package.json
---
(0130534)
hgbot   
2021-07-16 11:28   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/596 [^]