| View Issue Details | |||||||
| ID | ||||||||
| 0049377 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Nexo Implementation | major | have not tried | 2022-05-23 15:22 | 2022-06-27 17:15 | |||
| Reporter | shuehner | View Status | public | |||||
| Assigned To | adrianromero | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0049377: nexoprovider module package.json semver should be reviewed and package-lock.json should be updated | |||||||
| Description | a.) package.json of the nexoprovider module hardcodes the versions of its dependencies very strictly. That should be reviewed and, unless a special reason exists, the more typical ^ semver should be used instead of =. The JSONIX part is managed in the related design defect https://issues.openbravo.com/view.php?id=49609. b.1) npm audit issues (easy): run "npm audit fix". b.2) npm audit issues, xmldom: avoiding old versions is still not possible as it is depended upon by jsonix@3.0.0. c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar, including other outdated libraries: jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2), jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1). Note: jsonix upstream seems to not have released a new version >3.0.0 yet. | |||||||
| Steps To Reproduce | Run npm audit. Run owasp-dependency check with "npm install" done beforehand in the module. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
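As an added illustration of point a.) in the description (not code from the Openbravo project): a small Node.js check that lists exactly pinned entries in a package.json and reports whether a `^` range would admit a given patched release. The manifest, the package names and the "fixed in" versions are constructed placeholders, and the caret rule is implemented for plain MAJOR.MINOR.PATCH versions only.

```javascript
// Constructed sample data: names and versions are placeholders,
// not the nexoprovider module's real package.json.
const sampleManifest = {
  dependencies: { 'lib-a': '=3.0.0', 'lib-b': '1.4.2', 'lib-c': '^2.1.0' },
  devDependencies: { 'tool-d': '~5.0.1', 'tool-e': '0.3.7' },
};
// Hypothetical first patched release per package (assumption for the demo).
const sampleFixedIn = { 'lib-a': '4.0.0', 'lib-b': '1.4.5' };

// Parse "MAJOR.MINOR.PATCH"; pre-release and build tags are out of scope.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  return m ? m.slice(1).map(Number) : null;
}

// Classify a dependency specifier: "1.2.3" and "=1.2.3" are exact pins.
function classify(spec) {
  const s = spec.trim();
  if (parseVersion(s.replace(/^=\s*/, ''))) return 'exact';
  if (s.startsWith('^')) return 'caret';
  if (s.startsWith('~')) return 'tilde';
  return 'other';
}

// True if `candidate` satisfies ^base: candidate >= base and the
// left-most non-zero component of base is unchanged.
function caretAllows(base, candidate) {
  const b = parseVersion(base), c = parseVersion(candidate);
  if (!b || !c) return false;
  for (let i = 0; i < 3; i++) {
    if (c[i] !== b[i]) { if (c[i] < b[i]) return false; break; }
  }
  const lead = b.findIndex((n) => n !== 0);
  const fixed = lead === -1 ? 3 : lead + 1;
  return b.slice(0, fixed).every((n, i) => n === c[i]);
}

// List exact pins and whether relaxing to ^ would reach the patched release.
function reviewPins(manifest, fixedIn = {}) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (classify(spec) !== 'exact') continue;
      const pinned = spec.replace(/^=\s*/, '').trim();
      const fix = fixedIn[name];
      findings.push({ name, section, pinned, suggested: '^' + pinned,
        fixReachableWithCaret: fix ? caretAllows(pinned, fix) : null });
    }
  }
  return findings;
}
console.log(reviewPins(sampleManifest, sampleFixedIn));
```

An entry with `fixReachableWithCaret: false` needs a major-version upgrade, which a `^` range alone does not permit.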
Notes |
|
|
(0138571) hgbot (developer) 2022-06-20 16:29 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/merge_requests/12 |
|
(0138795) hgbot (developer) 2022-06-27 17:15 |
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider
Changeset: a1d9f10799d137a81328e89e68a7fbfec1942e83
Author: Adrián Romero <adrian.romero@openbravo.com>
Date: 20-06-2022 16:26:41
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/commit/a1d9f10799d137a81328e89e68a7fbfec1942e83
Fixes ISSUE-49377: nexoprovider module pacakge.json semver should be reviewed and package-lock.json should be updated
---
M package-lock.json
M package.json
--- |
|
(0138796) hgbot (developer) 2022-06-27 17:15 |
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider
Changeset: 2ea02ad1581dca938e3e71e3ead749dda6a836b0
Author: Adrián Romero <adrian.romero@openbravo.com>
Date: 20-06-2022 16:39:46
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/commit/2ea02ad1581dca938e3e71e3ead749dda6a836b0
Fixes ISSUE-49377: nexoprovider module package.json ver should be reviewed and package-lock.json should be updated
---
M package-lock.json
M package.json
--- |
|
(0138797) hgbot (developer) 2022-06-27 17:15 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/merge_requests/12 |
Issue History |
| Date Modified | Username | Field | Change |
| 2022-05-23 15:22 | shuehner | New Issue | |
| 2022-05-23 15:22 | shuehner | Assigned To | => Triage Platform Conn |
| 2022-05-23 15:22 | shuehner | OBNetwork customer | => No |
| 2022-05-23 15:22 | shuehner | Triggers an Emergency Pack | => No |
| 2022-06-01 10:50 | adrianromero | Assigned To | Triage Platform Conn => adrianromero |
| 2022-06-20 16:29 | hgbot | Merge Request Status | => open |
| 2022-06-20 16:29 | hgbot | Note Added: 0138571 | |
| 2022-06-20 17:49 | adrianromero | Issue cloned | 0049609 |
| 2022-06-20 17:49 | adrianromero | Relationship added | related to 0049609 |
| 2022-06-20 17:51 | adrianromero | Description Updated | View Revisions |
| 2022-06-27 17:11 | hgbot | Merge Request Status | open => approved |
| 2022-06-27 17:15 | hgbot | Resolution | open => fixed |
| 2022-06-27 17:15 | hgbot | Status | new => closed |
| 2022-06-27 17:15 | hgbot | Note Added: 0138795 | |
| 2022-06-27 17:15 | hgbot | Note Added: 0138796 | |
| 2022-06-27 17:15 | hgbot | Note Added: 0138797 | |