Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0049377
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Nexo Implementationmajorhave not tried2022-05-23 15:222022-06-27 17:15
ReportershuehnerView Statuspublic 
Assigned Toadrianromero 
PrioritynormalResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0049377: nexoprovider module pacakge.json semver should be reviewed and package-lock.json should be updated

Descriptiona.) package.json of nexoprovider module hardcodes versions of its dependencies very strictly.

That should be reviewed and unless special reason exists more typical ^ semver instead of = should be used.

JSONIX part is managed in the related design defect https://issues.openbravo.com/view.php?id=49609 [^]

b.1) npm audit issues (easy)
run "npm audit fix"

b.2) npm audit issues
xmldom avoiding old versions is still not possible as depended upon by jsonix@3.0.0

c.) jsonix@3.0.0 contains jsonix-schema-compiler-full.jar including outdated other libraries
jsonix-schema-compiler-full.jar (shaded: commons-beanutils:commons-beanutils:1.9.2)
jsonix-schema-compiler-full.jar (shaded: commons-collections:commons-collections:3.2.1)

Note:
- jsonix upstream seems to not have released a new version >3.0.0 yet

Steps To Reproducerun npm audit
run owasp-dependency check with "npm install" done before in the module
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to design defect 0049609 newadrianromero nexoprovider module package.json versions should be reviewed because of jsonix dependency 

-  Notes
(0138571)
hgbot (developer)
2022-06-20 16:29

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/merge_requests/12 [^]
(0138795)
hgbot (developer)
2022-06-27 17:15

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider [^]
Changeset: a1d9f10799d137a81328e89e68a7fbfec1942e83
Author: Adrián Romero <adrian.romero@openbravo.com>
Date: 20-06-2022 16:26:41
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/commit/a1d9f10799d137a81328e89e68a7fbfec1942e83 [^]

Fixes ISSUE-49377: nexoprovider module pacakge.json semver should be reviewed and package-lock.json should be updated

---
M package-lock.json
M package.json
---
(0138796)
hgbot (developer)
2022-06-27 17:15

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider [^]
Changeset: 2ea02ad1581dca938e3e71e3ead749dda6a836b0
Author: Adrián Romero <adrian.romero@openbravo.com>
Date: 20-06-2022 16:39:46
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/commit/2ea02ad1581dca938e3e71e3ead749dda6a836b0 [^]

Fixes ISSUE-49377: nexoprovider module package.json ver should be reviewed and package-lock.json should be updated

---
M package-lock.json
M package.json
---
(0138797)
hgbot (developer)
2022-06-27 17:15

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.nexoprovider/-/merge_requests/12 [^]

- Issue History
Date Modified Username Field Change
2022-05-23 15:22 shuehner New Issue
2022-05-23 15:22 shuehner Assigned To => Triage Platform Conn
2022-05-23 15:22 shuehner Triggers an Emergency Pack => No
2022-06-01 10:50 adrianromero Assigned To Triage Platform Conn => adrianromero
2022-06-20 16:29 hgbot Note Added: 0138571
2022-06-20 17:49 adrianromero Issue cloned 0049609
2022-06-20 17:49 adrianromero Relationship added related to 0049609
2022-06-20 17:51 adrianromero Description Updated View Revisions
2022-06-27 17:15 hgbot Resolution open => fixed
2022-06-27 17:15 hgbot Status new => closed
2022-06-27 17:15 hgbot Note Added: 0138795
2022-06-27 17:15 hgbot Note Added: 0138796
2022-06-27 17:15 hgbot Note Added: 0138797

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker