Arvados

Updates at 21654-deps-updates

• eff916e upgrades github.com/satori/go.uuid addressing CVE-2021-3538: developer-run-tests: #4139
• 9b12bf8 upgrades babel-traverse addressing CVE-2023-45133: developer-run-tests: #4142

• Upgrades browserify-sign to address CVE-2023-46234: developer-run-tests: #4148

• Upgrades nokogiri to address CVE-2024-25062: developer-run-tests: #4147

• Upgrades github.com/go-jose/go-jose/v3 to address CVE-2024-28180: developer-run-tests: #4149

Updates at 7997c58 21654-rails-upgrade developer-run-tests: #4150

• Upgrades rack to address CVE-2024-26141, CVE-2024-26146 & CVE-2024-25126.
• Upgrades rails to 7.0.8.1 to address CVE-2024-26143.

developer-run-tests: #4153

• Upgrades express to address CVE-2024-29041

developer-run-tests: #4152

• 21654: Upgrades follow-redirects addressing CVE-2024-28849 & CVE-2023-26159

developer-run-tests: #4156

• Upgrades google.golang.org/protobuf to address CVE-2024-24786

developer-run-tests: #4155

• Upgrades github.com/docker/docker to address CVE-2024-24557

developer-run-tests: #4160

• Upgrades ip packages to address CVE-2023-42282
• Upgrades ex5-ext to address CVE-2024-27088

There one easily applicable upgrade pending, but not sure why it makes Cypress fail most of the tests with an error like the following:

18:08:37   3) Registered workflow panel tests
18:08:37        shows the appropriate buttons in the multiselect toolbar:
18:08:37      CypressError: Timed out retrying after 4050ms: `cy.click()` failed because this element:
18:08:37 
18:08:37 `<p class="MuiTypography-root-570 MuiTypography-body2-578 Component-listItemText-774 Component-active-775">Home Pr...</p>`
18:08:37 
18:08:37 is being covered by another element:
18:08:37 
18:08:37 `<iframe style="position: fixed; top: 0px; left: 0px; width: 100%; height: 100%; border: none; z-index: 2147483647;"></iframe>`
18:08:37 
18:08:37 Fix this problem, or use {force: true} to disable error checking.

The upgrade just consists in changing axios from 0.21.4 to 0.28.1, haven't found any clue as to why this happens.

diff --git a/services/workbench2/package.json b/services/workbench2/package.json
index 94e35029c4..4b3a81db24 100644
--- a/services/workbench2/package.json
+++ b/services/workbench2/package.json
@@ -28,7 +28,7 @@
     "@types/react-window": "1.8.2",
     "@types/redux-form": "7.4.12",
     "@types/shell-escape": "^0.2.0",
-    "axios": "^0.21.1",
+    "axios": "^0.28.0",
     "bootstrap": "^5.3.2",
     "caniuse-lite": "1.0.30001606",
     "classnames": "2.2.6",
diff --git a/services/workbench2/yarn.lock b/services/workbench2/yarn.lock
index 21fcc817c5..c917e529ef 100644
--- a/services/workbench2/yarn.lock
+++ b/services/workbench2/yarn.lock
@@ -4162,7 +4162,7 @@ __metadata:
     "@types/shell-escape": ^0.2.0
     "@types/sinon": 7.5
     "@types/uuid": 3.4.4
-    axios: ^0.21.1
+    axios: ^0.28.0
     axios-mock-adapter: 1.17.0
     bootstrap: ^5.3.2
     caniuse-lite: 1.0.30001606
@@ -4439,12 +4439,14 @@ __metadata:
   languageName: node
   linkType: hard

-"axios@npm:^0.21.1":
-  version: 0.21.4
-  resolution: "axios@npm:0.21.4" 
+"axios@npm:^0.28.0":
+  version: 0.28.1
+  resolution: "axios@npm:0.28.1" 
   dependencies:
-    follow-redirects: ^1.14.0
-  checksum: 44245f24ac971e7458f3120c92f9d66d1fc695e8b97019139de5b0cc65d9b8104647db01e5f46917728edfc0cfd88eb30fc4c55e6053eef4ace76768ce95ff3c
+    follow-redirects: ^1.15.0
+    form-data: ^4.0.0
+    proxy-from-env: ^1.1.0
+  checksum: 5115a38d79064d07437c5a28f15841e3607634040e3120ec06a2c4367a7d07cf213b16496eab53b6f58ebc5fb377a440ba9ed4782529b14449a1e285734bfb54
   languageName: node
   linkType: hard

@@ -5851,7 +5853,7 @@ __metadata:
   languageName: node
   linkType: hard

-"combined-stream@npm:^1.0.6, combined-stream@npm:~1.0.6":
+"combined-stream@npm:^1.0.6, combined-stream@npm:^1.0.8, combined-stream@npm:~1.0.6":
   version: 1.0.8
   resolution: "combined-stream@npm:1.0.8" 
   dependencies:
@@ -8712,7 +8714,7 @@ __metadata:
   languageName: node
   linkType: hard

-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.14.0":
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.0":
   version: 1.15.6
   resolution: "follow-redirects@npm:1.15.6" 
   peerDependenciesMeta:
@@ -8777,6 +8779,17 @@ __metadata:
   languageName: node
   linkType: hard

+"form-data@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "form-data@npm:4.0.0" 
+  dependencies:
+    asynckit: ^0.4.0
+    combined-stream: ^1.0.8
+    mime-types: ^2.1.12
+  checksum: 01135bf8675f9d5c61ff18e2e2932f719ca4de964e3be90ef4c36aacfc7b9cb2fceb5eca0b7e0190e3383fe51c5b37f4cb80b62ca06a99aaabfcfd6ac7c9328c
+  languageName: node
+  linkType: hard
+
 "form-data@npm:~2.3.2":
   version: 2.3.3
   resolution: "form-data@npm:2.3.3" 
@@ -15335,6 +15348,13 @@ __metadata:
   languageName: node
   linkType: hard

+"proxy-from-env@npm:^1.1.0":
+  version: 1.1.0
+  resolution: "proxy-from-env@npm:1.1.0" 
+  checksum: ed7fcc2ba0a33404958e34d95d18638249a68c430e30fcb6c478497d72739ba64ce9810a24f53a7d921d0c065e5b78e3822759800698167256b04659366ca4d4
+  languageName: node
+  linkType: hard
+
 "prr@npm:~1.0.1":
   version: 1.0.1
   resolution: "prr@npm:1.0.1"