Actions
Bug #21719
closedUpgrade dependencies that have security reports in github
Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Workbench2
Target version:
Story points:
-
Release:
Release relationship:
Auto
Updated by Lucas Di Pentima 8 months ago
4d5675e04f @ 21719-deps-security-updates
Updates golang.org/x/net
- developer-run-tests: #4185
Updated by Lucas Di Pentima 8 months ago
ejs
requires a newerreact-scripts
version (current version is 4.0.1)loader-utils
requires a newerwebpack
(among others) that in turn requires a newerreact-scripts
lodash < 4.17.21
is vulnerable to command injection through the template function, but we have 4.17.21 installed so I'll dismiss the alert.webpack-dev-middleware
requires a newerwebpack-dev-server
that in turn requires a newerreact-scripts
shell-quote
&immer
require a newerreact-dev-utils
that in turn requires a newerreact-scripts
minimatch
requires a newerrecursive-readdir
that in turn requires a newerreact-dev-utils
scss-tokenizer
requires a newersass-graph
that in turn requires a newernode-sass-chokidar
. This should be handled in https://dev.arvados.org/issues/21722node-forge
requires a newerselfsigned
that in turns requires a newerwebpack-dev-server
(see above)ansi-html
also requires a newerwebpack-dev-server
node-fetch
requires a newerisomorphic-fetch
that in turn requires a newerfbjs
that requires a newerrecompose
that in turn is a dependency of@material-ui/core
,@material-ui/icons
andreact-dnd
(all of these being a direct dependency frompackage.json
, so that's good news!)nth-check
has a very long and branched dependency chain that ultimately requires a newerreact-scripts
glob-parent
requires a newerchokidar
that requires a newerwebpack-dev-server
andwatchpack-chokidar2
that ultimately depends onwebpack
and so, onreact-scripts
The rest are "moderate" and "low" priority alerts that I'm guessing the majority also depend on react-scripts
.
Updated by Lucas Di Pentima 8 months ago
- Related to Feature #21704: Eject workbench2 and remove dependency on create-react-app added
Updated by Lucas Di Pentima 8 months ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|1d6d2ab0372da28d9289cb81735e1f75f45a88d0.
Actions