Bug #17653

closed

Apply security related upgrades

Added by Lucas Di Pentima almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assigned To:
Category: Workbench2
Story points: -
Release relationship: Auto

Actions #1

Updated by Lucas Di Pentima almost 3 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Lucas Di Pentima almost 3 years ago

  • Target version changed from 2021-05-12 sprint to 2021-05-26 sprint
Actions #3

Updated by Lucas Di Pentima almost 3 years ago

  • Target version changed from 2021-05-26 sprint to 2021-06-09 sprint
Actions #4

Updated by Peter Amstutz over 2 years ago

  • Release changed from 38 to 39
Actions #5

Updated by Lucas Di Pentima over 2 years ago

Updates at arvados-workbench2|d74fcba - branch 17653-security-upgrades
Test run: developer-tests-workbench2: #430 /console

Actions #6

Updated by Lucas Di Pentima over 2 years ago

Updates at arvados-workbench2|30aa642
Test run: developer-tests-workbench2: #432

  • Rebased to current master (from previous note)
  • Adds some more upgrades
  • Undo the css-what upgrade as it breaks the app (it's the only 'high' vulnerability package pending to be upgraded)

Results of running "yarn audit"

Before:

885 vulnerabilities found - Packages audited: 1893
Severity: 434 Low | 79 Moderate | 371 High | 1 Critical

After:

146 vulnerabilities found - Packages audited: 1928
Severity: 100 Low | 45 Moderate | 1 High

I believe this process could be safer and easier by removing dependencies on the stale react-scripts-ts package. I've found a guide to do this: https://vincenttunru.com/migrate-create-react-app-typescript-to-create-react-app/

Actions #7

Updated by Lucas Di Pentima over 2 years ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved