Bug #21654 (closed)
Upgrade several dependencies from security reports
Status: Resolved
Priority: Normal
Assigned To:
Category: -
Target version:
Story points: -
Release:
Release relationship: Auto
Updated by Lucas Di Pentima about 1 month ago
Updates at 21654-deps-updates
- eff916e upgrades github.com/satori/go.uuid addressing CVE-2021-3538: developer-run-tests: #4139
- 9b12bf8 upgrades babel-traverse addressing CVE-2023-45133: developer-run-tests: #4142
Updated by Lucas Di Pentima about 1 month ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|f674f8883fc075170a20ef592a2609e4f521f7b2.
Updated by Lucas Di Pentima about 1 month ago
- Status changed from Resolved to In Progress
Updated by Lucas Di Pentima about 1 month ago
Updates at 4d3508c 21654-browserify-sign-upgrade
- Upgrades browserify-sign to address CVE-2023-46234: developer-run-tests: #4148
Updated by Lucas Di Pentima about 1 month ago
Updates at 6e1da3c 21654-nokogiri-upgrade
- Upgrades nokogiri to address CVE-2024-25062: developer-run-tests: #4147
Updated by Lucas Di Pentima about 1 month ago
Updates at 9542ef8 21654-go-jose-upgrade
- Upgrades github.com/go-jose/go-jose/v3 to address CVE-2024-28180: developer-run-tests: #4149
Updated by Lucas Di Pentima about 1 month ago
Updates at 7997c58 21654-rails-upgrade
developer-run-tests: #4150
- Upgrades rack to address CVE-2024-26141, CVE-2024-26146 & CVE-2024-25126.
- Upgrades rails to 7.0.8.1 to address CVE-2024-26143.
Updated by Lucas Di Pentima about 1 month ago
Updates at efe40af06f 21654-express-upgrade: developer-run-tests: #4153
- Upgrades express to address CVE-2024-29041
Updated by Lucas Di Pentima about 1 month ago
Updates at 95c835b 21654-follow-redirects-upgrade: developer-run-tests: #4152
- 21654: Upgrades follow-redirects addressing CVE-2024-28849 & CVE-2023-26159
Updated by Lucas Di Pentima about 1 month ago
Updates at 1e29fff 21654-protobuf-upgrade: developer-run-tests: #4156
- Upgrades google.golang.org/protobuf to address CVE-2024-24786
Updated by Lucas Di Pentima about 1 month ago
Updates at 0809ee6 21654-docker-upgrade: developer-run-tests: #4155
- Upgrades github.com/docker/docker to address CVE-2024-24557
Updated by Lucas Di Pentima about 1 month ago
Updates at 23c01a7 21654-wb2-deps-upgrades: developer-run-tests: #4160
- Upgrades ip packages to address CVE-2023-42282
- Upgrades es5-ext to address CVE-2024-27088
Updated by Lucas Di Pentima about 1 month ago
There is one easily applicable upgrade pending, but I'm not sure why it makes Cypress fail most of the tests with an error like the following:
18:08:37 3) Registered workflow panel tests
18:08:37 shows the appropriate buttons in the multiselect toolbar:
18:08:37 CypressError: Timed out retrying after 4050ms: `cy.click()` failed because this element:
18:08:37
18:08:37 `<p class="MuiTypography-root-570 MuiTypography-body2-578 Component-listItemText-774 Component-active-775">Home Pr...</p>`
18:08:37
18:08:37 is being covered by another element:
18:08:37
18:08:37 `<iframe style="position: fixed; top: 0px; left: 0px; width: 100%; height: 100%; border: none; z-index: 2147483647;"></iframe>`
18:08:37
18:08:37 Fix this problem, or use {force: true} to disable error checking.
The upgrade just consists in changing axios from 0.21.4 to 0.28.1, haven't found any clue as to why this happens.
diff --git a/services/workbench2/package.json b/services/workbench2/package.json
index 94e35029c4..4b3a81db24 100644
--- a/services/workbench2/package.json
+++ b/services/workbench2/package.json
@@ -28,7 +28,7 @@
"@types/react-window": "1.8.2",
"@types/redux-form": "7.4.12",
"@types/shell-escape": "^0.2.0",
- "axios": "^0.21.1",
+ "axios": "^0.28.0",
"bootstrap": "^5.3.2",
"caniuse-lite": "1.0.30001606",
"classnames": "2.2.6",
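Review bot: the axios range in this hunk moves from "^0.21.1" to "^0.28.0" without naming the advisory it addresses, whereas every other upgrade in this ticket cites its CVE. Please put the CVE or advisory identifier in the commit message. A caret range on a 0.x version only floats within the same minor, so this single step crosses several 0.x minor lines; with most Cypress tests failing, the axios changelog for the intervening releases should be read for breaking changes before this is merged.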
diff --git a/services/workbench2/yarn.lock b/services/workbench2/yarn.lock
index 21fcc817c5..c917e529ef 100644
--- a/services/workbench2/yarn.lock
+++ b/services/workbench2/yarn.lock
@@ -4162,7 +4162,7 @@ __metadata:
"@types/shell-escape": ^0.2.0
"@types/sinon": 7.5
"@types/uuid": 3.4.4
- axios: ^0.21.1
+ axios: ^0.28.0
axios-mock-adapter: 1.17.0
bootstrap: ^5.3.2
caniuse-lite: 1.0.30001606
@@ -4439,12 +4439,14 @@ __metadata:
languageName: node
linkType: hard
-"axios@npm:^0.21.1":
- version: 0.21.4
- resolution: "axios@npm:0.21.4"
+"axios@npm:^0.28.0":
+ version: 0.28.1
+ resolution: "axios@npm:0.28.1"
dependencies:
- follow-redirects: ^1.14.0
- checksum: 44245f24ac971e7458f3120c92f9d66d1fc695e8b97019139de5b0cc65d9b8104647db01e5f46917728edfc0cfd88eb30fc4c55e6053eef4ace76768ce95ff3c
+ follow-redirects: ^1.15.0
+ form-data: ^4.0.0
+ proxy-from-env: ^1.1.0
+ checksum: 5115a38d79064d07437c5a28f15841e3607634040e3120ec06a2c4367a7d07cf213b16496eab53b6f58ebc5fb377a440ba9ed4782529b14449a1e285734bfb54
languageName: node
linkType: hard
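Review bot: the new "axios@npm:0.28.1" entry declares two runtime dependencies that 0.21.4 did not have, "form-data: ^4.0.0" and "proxy-from-env: ^1.1.0", so this change widens the dependency tree of workbench2 rather than only bumping a version. Confirm that both additions are expected for a browser application and that the scanner that produced the original security reports covers them. It would also help to attach the browser console output from a failing Cypress run, since a full-viewport iframe covering the page can be an error overlay rather than part of the application.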
@@ -5851,7 +5853,7 @@ __metadata:
languageName: node
linkType: hard
-"combined-stream@npm:^1.0.6, combined-stream@npm:~1.0.6":
+"combined-stream@npm:^1.0.6, combined-stream@npm:^1.0.8, combined-stream@npm:~1.0.6":
version: 1.0.8
resolution: "combined-stream@npm:1.0.8"
dependencies:
@@ -8712,7 +8714,7 @@ __metadata:
languageName: node
linkType: hard
-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.14.0":
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.0":
version: 1.15.6
resolution: "follow-redirects@npm:1.15.6"
peerDependenciesMeta:
@@ -8777,6 +8779,17 @@ __metadata:
languageName: node
linkType: hard
+"form-data@npm:^4.0.0":
+ version: 4.0.0
+ resolution: "form-data@npm:4.0.0"
+ dependencies:
+ asynckit: ^0.4.0
+ combined-stream: ^1.0.8
+ mime-types: ^2.1.12
+ checksum: 01135bf8675f9d5c61ff18e2e2932f719ca4de964e3be90ef4c36aacfc7b9cb2fceb5eca0b7e0190e3383fe51c5b37f4cb80b62ca06a99aaabfcfd6ac7c9328c
+ languageName: node
+ linkType: hard
+
"form-data@npm:~2.3.2":
version: 2.3.3
resolution: "form-data@npm:2.3.3"
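Review bot: with "form-data@npm:^4.0.0" added above the existing "form-data@npm:~2.3.2" entry, the lockfile now carries two major versions of form-data (4.0.0 and 2.3.3). Check which package still requires the 2.3.x line and whether it can move to the 4.x range, so that a future advisory against form-data needs one upgrade instead of two.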
@@ -15335,6 +15348,13 @@ __metadata:
languageName: node
linkType: hard
+"proxy-from-env@npm:^1.1.0":
+ version: 1.1.0
+ resolution: "proxy-from-env@npm:1.1.0"
+ checksum: ed7fcc2ba0a33404958e34d95d18638249a68c430e30fcb6c478497d72739ba64ce9810a24f53a7d921d0c065e5b78e3822759800698167256b04659366ca4d4
+ languageName: node
+ linkType: hard
+
"prr@npm:~1.0.1":
version: 1.0.1
resolution: "prr@npm:1.0.1"
Updated by Lucas Di Pentima about 1 month ago
- Status changed from In Progress to Resolved