Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Issue Details[ Jump to Notes ]

[ Issue History ] [ Print ]

ID

0047535

Type

Category

Severity

Reproducibility

Date Submitted

Last Update

defect

[POS2] Core

major

have not tried

2021-08-11 16:23

2021-12-10 09:47

Reporter

shuehner

View Status

public

Assigned To

platform

Priority

normal

Resolution

fixed

Fixed in Version

Status

closed

Fix in branch

Fixed in SCM revision

Projection

none

ETA

none

Target Version

OS

Any

Database

Any

Java version

OS Version

Database version

Ant version

Product Version

SCM revision

Review Assigned To

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0047535: Update package-lock.json to fix npm audit issues

Description

npm audit reports problems which should be fixed by updating versions in the package-lock.json

found 621 vulnerabilities (607 moderate, 14 high) in 3127 scanned packages
  run `npm audit fix` to fix 584 of them.
  1 vulnerability requires semver-major dependency updates.
  36 vulnerabilities require manual review. See the full report for details.

Grouping them to causing package:
npm audit | grep 'Package' | sort | uniq -c
      4 │ Package │ browserslist => Tracked as (47415 already)
     30 │ Package │ glob-parent => Tracked as (47415 already)
    554 │ Package │ path-parse
     17 │ Package │ ssri
     10 │ Package │ tar
      4 │ Package │ trim
      2 │ Package │ url-parse

Note: Some other issues are tracked as 47411 (and blocked externally). However 47411 is missing list of what is covered exactly.

Steps To Reproduce

run "npm audit" in source.path

Tags

No tags attached.

Relationships [ Relation Graph ] [ Dependency Graph ]

related to	design defect	0047411		closed	Triage Platform Base	POS2	npm audit reports issues for CRA
related to	design defect	0047415		closed	Triage Platform Base	POS2	npm audit reports issues for Storybook
related to	defect	0047534		closed	jarmendariz	Openbravo ERP	Update package-lock.json to fix npm audit issues

Notes
(0133104) hgbot (developer) 2021-11-16 13:31	Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/666 [^]

(0133596) hgbot (developer) 2021-12-10 09:47	Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/666 [^]

(0133597) hgbot (developer) 2021-12-10 09:47	Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^] Changeset: 17c428925a2796ad99ce9f468cf8cf5d9e4f5feb Author: Augusto Mauch <augusto.mauch@openbravo.com> Date: 10-12-2021 09:42:31 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/17c428925a2796ad99ce9f468cf8cf5d9e4f5feb [^] Fixed ISSUE-47535: Fixes NPM audit issues of CORE2 dependencies This changeset contains the fixes done by executing npm audit fix. Still some errors remain that require changing the major version of some dependencies or other manual actions. Those pending errors will be documented and fixed on a separate issue --- M web-jspack/org.openbravo.core2/package-lock.json ---

Issue History
Date Modified	Username	Field	Change
2021-08-11 16:23	shuehner	New Issue
2021-08-11 16:23	shuehner	Assigned To	=> Retail
2021-08-11 16:23	shuehner	Triggers an Emergency Pack	=> No
2021-08-11 16:25	shuehner	Description Updated	View Revisions
2021-08-11 16:26	shuehner	Relationship added	related to 0047411
2021-08-11 16:26	shuehner	Relationship added	related to 0047415
2021-08-11 16:26	shuehner	Relationship added	related to 0047534
2021-08-23 09:51	dmiguelez	Assigned To	Retail => platform
2021-08-23 09:51	dmiguelez	Status	new => acknowledged
2021-08-23 09:51	dmiguelez	Resolution time	=> 1630879200
2021-11-16 13:31	hgbot	Note Added: 0133104
2021-11-16 15:07	AugustoMauch	Status	acknowledged => scheduled
2021-12-10 09:47	hgbot	Note Added: 0133596
2021-12-10 09:47	hgbot	Resolution	open => fixed
2021-12-10 09:47	hgbot	Status	scheduled => closed
2021-12-10 09:47	hgbot	Note Added: 0133597

Copyright © 2000 - 2009 MantisBT Group