Actions
Bug #22133
closedUpgrade dependencies to address current security advisories
Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Story points:
-
Release:
Release relationship:
Auto
Updated by Brett Smith 3 months ago
Please be careful not to re-revert 2f4fb1522c89c29a94854bf9f26fb6d13959f2d4. If dependabot identifies a specific security issue with the net-imap gem, please share details so we can figure out what we want to do about it.
Updated by Lucas Di Pentima 3 months ago
Updates at a6da959 - branch 22133-dependency-upgrades
Test run: developer-run-tests: #4458
WB rerun: developer-run-tests-services-workbench2: #1171
- Go dependencies upgrade
github.com/docker/docker
from v26.1.3+incompatible to v26.1.5+incompatible to address CVE-2024-41110google.golang.org/grpc
from v1.64.0 to v1.64.1 to mitigate a potential CWE-200
- Workbench dependencies upgrade
- Direct
webpack
dompurify
elliptic
resolve-url-loader
wait-on
- Indirect
express
braces
micromatch
postcss
- Direct
Updated by Lucas Di Pentima 3 months ago
Update at 5617c02 - branch 22133-dependency-upgrades-part-deux
Test run: developer-run-tests-services-workbench2: #1179
Second pass of Workbench related dependency upgrades
- Upgrades
ws
to address CVE-2024-37890 - Upgrades
socks
to get a replacement for the vulnerableip
package - Upgrades
path-to-regexp
where possible - Removes unused
lodash.template
&lodash.mergewith
packages
Updated by Lucas Di Pentima 3 months ago
- Status changed from In Progress to Resolved
Actions