Bug #17653

Apply security related upgrades

Added by Lucas Di Pentima 6 months ago. Updated 5 months ago.

Status: Resolved
Priority: Normal
Assigned To:
Category: Workbench2
Start date:
Due date:
% Done: 100%
Estimated time:
Story points: -
Release relationship: Auto

Associated revisions

Revision 939693ee
Added by Lucas Di Pentima 5 months ago

Merge branch '17653-security-upgrades'
Closes #17653

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <>

History

#1 Updated by Lucas Di Pentima 6 months ago

  • Status changed from New to In Progress

#2 Updated by Lucas Di Pentima 5 months ago

  • Target version changed from 2021-05-12 sprint to 2021-05-26 sprint

#3 Updated by Lucas Di Pentima 5 months ago

  • Target version changed from 2021-05-26 sprint to 2021-06-09 sprint

#4 Updated by Peter Amstutz 5 months ago

  • Release changed from 38 to 39

#6 Updated by Lucas Di Pentima 5 months ago

Updates at arvados-workbench2|30aa642
Test run: https://ci.arvados.org/view/Developer/job/developer-tests-workbench2/432/

  • Rebased to current master (from previous note)
  • Adds some more upgrades
  • Undo the css-what upgrade as it breaks the app (it's the only 'high' vulnerability package still pending upgrade)

Results of running "yarn audit"

Before:

885 vulnerabilities found - Packages audited: 1893
Severity: 434 Low | 79 Moderate | 371 High | 1 Critical

After:

146 vulnerabilities found - Packages audited: 1928
Severity: 100 Low | 45 Moderate | 1 High

I believe this process could be safer and easier by removing dependencies on the stale react-scripts-ts package. I've found a guide to do this: https://vincenttunru.com/migrate-create-react-app-typescript-to-create-react-app/
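
An added example (not part of the ticket or the Arvados code base): a parser for the "yarn audit" summary format quoted in note #6, with a ratchet check that lists every severity at or above a threshold whose count rose against a stored baseline. The function names and the ratchet policy are assumptions made for illustration; the two sample summaries are copied from the note.

```javascript
// Sample input: the two "yarn audit" summaries quoted in note #6.
const BEFORE = `885 vulnerabilities found - Packages audited: 1893
Severity: 434 Low | 79 Moderate | 371 High | 1 Critical`;
const AFTER = `146 vulnerabilities found - Packages audited: 1928
Severity: 100 Low | 45 Moderate | 1 High`;

// Severity names in ascending order.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Parse a summary into counts. Severities with no findings are left out of
// the "Severity:" line (see AFTER, which has no Critical), so each level
// starts at 0 and the line itself may be absent.
function parseAuditSummary(text) {
  const head = /(\d+) vulnerabilities found - Packages audited: (\d+)/.exec(text);
  if (!head) throw new Error("no audit summary line found");
  const counts = Object.fromEntries(LEVELS.map((l) => [l, 0]));
  const sevLine = /^Severity:\s*(.+)$/m.exec(text);
  for (const part of sevLine ? sevLine[1].split("|") : []) {
    const m = /^\s*(\d+)\s+(\w+)\s*$/.exec(part);
    const level = m ? m[2].toLowerCase() : null;
    if (!LEVELS.includes(level)) throw new Error(`unparsed severity: ${part}`);
    counts[level] = Number(m[1]);
  }
  // Cross-check: a truncated or reworded report must not pass silently.
  const total = Number(head[1]);
  const sum = LEVELS.reduce((n, l) => n + counts[l], 0);
  if (sum !== total) throw new Error(`severities sum to ${sum}, total is ${total}`);
  return { total, packages: Number(head[2]), counts };
}

// Ratchet (hypothetical policy): list each level >= minLevel whose count
// is higher in `current` than in `baseline`. An empty list means pass.
function regressions(baseline, current, minLevel = "high") {
  const from = LEVELS.indexOf(minLevel);
  if (from < 0) throw new Error(`unknown level: ${minLevel}`);
  return LEVELS.slice(from)
    .filter((l) => current.counts[l] > baseline.counts[l])
    .map((l) => ({ level: l, was: baseline.counts[l], now: current.counts[l] }));
}

const before = parseAuditSummary(BEFORE);
const after = parseAuditSummary(AFTER);
console.log("high:", before.counts.high, "->", after.counts.high);
console.log("regressions vs. baseline:", regressions(before, after));
```
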

#7 Updated by Lucas Di Pentima 5 months ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved
