Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0051128
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] Z. Othersmajorhave not tried2022-12-13 13:292023-01-02 16:10
ReportershuehnerView Statuspublic 
Assigned ToAugustoMauch 
PrioritynormalResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0051128: org.openbravo.service.jsexecutor: Update package-lock.json to fix npm audit issues

Descriptionnpm audit reports problems which should be fixed by updating versions in the package-lock.json

5 vulnerabilities (4 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
Steps To Reproducenpm audit
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0144593)
shuehner (administrator)
2022-12-13 13:33

 One of the items "properties-reader" required manual update of package.json for semver bump from 0.3 to 2.2

fix available via `npm audit fix --force`
Will install properties-reader@2.2.0, which is a breaking change
(0145120)
hgbot (developer)
2023-01-02 12:51

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/merge_requests/8 [^]
(0145124)
hgbot (developer)
2023-01-02 16:10

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/merge_requests/8 [^]
(0145125)
hgbot (developer)
2023-01-02 16:10

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor [^]
Changeset: 03ef21baf7cf6f4b44e4da51a82bc21f4eb83673
Author: Augusto Mauch <augusto.mauch@openbravo.com>
Date: 02-01-2023 12:51:19
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.service.jsexecutor/-/commit/03ef21baf7cf6f4b44e4da51a82bc21f4eb83673 [^]

Fixes ISSUE-51128: Fixes vulnerabilities by running npm audit

Two of the vulnerabilities were fixed by running npm audit respecting the current semver. The minimum required version of
properties-reader was increased from 0.3.1 to 2.2.0, but none of the breaking changes affects us, that library is used to
read the contents of the Openbravo.properties file and it is still reading them properly

---
M src-test/js/package-lock.json
M src-test/js/package.json
---

- Issue History
Date Modified Username Field Change
2022-12-13 13:29 shuehner New Issue
2022-12-13 13:29 shuehner Assigned To => Triage Omni OMS
2022-12-13 13:29 shuehner Modules => Core
2022-12-13 13:29 shuehner Triggers an Emergency Pack => No
2022-12-13 13:30 shuehner Assigned To Triage Omni OMS => Triage Platform Base
2022-12-13 13:33 shuehner Note Added: 0144593
2023-01-02 12:51 hgbot Note Added: 0145120
2023-01-02 12:52 AugustoMauch Assigned To Triage Platform Base => AugustoMauch
2023-01-02 12:52 AugustoMauch Status new => scheduled
2023-01-02 16:10 hgbot Note Added: 0145124
2023-01-02 16:10 hgbot Resolution open => fixed
2023-01-02 16:10 hgbot Status scheduled => closed
2023-01-02 16:10 hgbot Note Added: 0145125

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker