Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0051128Openbravo ERPZ. Otherspublic2022-12-13 13:292023-01-02 16:10
Reportershuehner 
Assigned ToAugustoMauch 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0051128: org.openbravo.service.jsexecutor: Update package-lock.json to fix npm audit issues
Descriptionnpm audit reports problems which should be fixed by updating versions in the package-lock.json

5 vulnerabilities (4 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
Steps To Reproducenpm audit
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2022-12-13 13:29shuehnerNew Issue
2022-12-13 13:29shuehnerAssigned To => Triage Omni OMS
2022-12-13 13:29shuehnerModules => Core
2022-12-13 13:29shuehnerTriggers an Emergency Pack => No
2022-12-13 13:30shuehnerAssigned ToTriage Omni OMS => Triage Platform Base
2022-12-13 13:33shuehnerNote Added: 0144593
2023-01-02 12:51hgbotNote Added: 0145120
2023-01-02 12:52AugustoMauchAssigned ToTriage Platform Base => AugustoMauch
2023-01-02 12:52AugustoMauchStatusnew => scheduled
2023-01-02 16:10hgbotNote Added: 0145124
2023-01-02 16:10hgbotResolutionopen => fixed
2023-01-02 16:10hgbotStatusscheduled => closed
2023-01-02 16:10hgbotNote Added: 0145125

Notes
(0144593)
shuehner   
2022-12-13 13:33   
One of the items "properties-reader" required manual update of package.json for semver bump from 0.3 to 2.2

fix available via `npm audit fix --force`
Will install properties-reader@2.2.0, which is a breaking change
(0145120)
hgbot   
2023-01-02 12:51   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/merge_requests/8 [^]
(0145124)
hgbot   
2023-01-02 16:10   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/merge_requests/8 [^]
(0145125)
hgbot   
2023-01-02 16:10   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor [^]
Changeset: 03ef21baf7cf6f4b44e4da51a82bc21f4eb83673
Author: Augusto Mauch <augusto.mauch@openbravo.com>
Date: 02-01-2023 12:51:19
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/commit/03ef21baf7cf6f4b44e4da51a82bc21f4eb83673 [^]

Fixes ISSUE-51128: Fixes vulnerabilities by running npm audit

Two of the vulnerabilities were fixed by running npm audit respecting the current semver. The minimum required version of
properties-reader was increased from 0.3.1 to 2.2.0, but none of the breaking changes affects us, that library is used to
read the contents of the Openbravo.properties file and it is still reading them properly

---
M src-test/js/package-lock.json
M src-test/js/package.json
---