Openbravo Issue Tracking System - POS2
View Issue Details
0047535POS2Corepublic2021-08-11 16:232021-12-10 09:47
shuehner 
platform 
normalmajorhave not tried
closedfixed 
5
 
 
No
0047535: Update package-lock.json to fix npm audit issues
npm audit reports problems which should be fixed by updating versions in the package-lock.json

found 621 vulnerabilities (607 moderate, 14 high) in 3127 scanned packages
  run `npm audit fix` to fix 584 of them.
  1 vulnerability requires semver-major dependency updates.
  36 vulnerabilities require manual review. See the full report for details.

Grouping them to causing package:
npm audit | grep 'Package' | sort | uniq -c
      4 │ Package │ browserslist => Tracked as (47415 already)
     30 │ Package │ glob-parent => Tracked as (47415 already)
    554 │ Package │ path-parse
     17 │ Package │ ssri
     10 │ Package │ tar
      4 │ Package │ trim
      2 │ Package │ url-parse

Note: Some other issues are tracked as 47411 (and blocked externally). However 47411 is missing list of what is covered exactly.
run "npm audit" in source.path
No tags attached.
related to design defect 0047411 acknowledged platform POS2 npm audit reports issues for CRA 
related to design defect 0047415 acknowledged platform POS2 npm audit reports issues for Storybook 
related to defect 0047534 closed jarmendariz Openbravo ERP Update package-lock.json to fix npm audit issues 
Issue History
2021-08-11 16:23shuehnerNew Issue
2021-08-11 16:23shuehnerAssigned To => Retail
2021-08-11 16:23shuehnerTriggers an Emergency Pack => No
2021-08-11 16:25shuehnerDescription Updatedbug_revision_view_page.php?rev_id=22987#r22987
2021-08-11 16:26shuehnerRelationship addedrelated to 0047411
2021-08-11 16:26shuehnerRelationship addedrelated to 0047415
2021-08-11 16:26shuehnerRelationship addedrelated to 0047534
2021-08-23 09:51dmiguelezAssigned ToRetail => platform
2021-08-23 09:51dmiguelezStatusnew => acknowledged
2021-08-23 09:51dmiguelezResolution time => 1630879200
2021-11-16 13:31hgbotNote Added: 0133104
2021-11-16 15:07AugustoMauchStatusacknowledged => scheduled
2021-12-10 09:47hgbotNote Added: 0133596
2021-12-10 09:47hgbotResolutionopen => fixed
2021-12-10 09:47hgbotStatusscheduled => closed
2021-12-10 09:47hgbotNote Added: 0133597

Notes
(0133104)
hgbot   
2021-11-16 13:31   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/666 [^]
(0133596)
hgbot   
2021-12-10 09:47   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/666 [^]
(0133597)
hgbot   
2021-12-10 09:47   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: 17c428925a2796ad99ce9f468cf8cf5d9e4f5feb
Author: Augusto Mauch <augusto.mauch@openbravo.com>
Date: 10-12-2021 09:42:31
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/17c428925a2796ad99ce9f468cf8cf5d9e4f5feb [^]

Fixed ISSUE-47535: Fixes NPM audit issues of CORE2 dependencies

This changeset contains the fixes done by executing npm audit fix. Still some errors remain
that require changing the major version of some dependencies or other manual actions. Those pending
errors will be documented and fixed on a separate issue

---
M web-jspack/org.openbravo.core2/package-lock.json
---