Upgrade insecure npm dependencies for angularjs staff client
Bug #1992529 reported by Jane Sandberg
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Evergreen | New | Medium | Unassigned | |
3.10 | Won't Fix | Undecided | Unassigned | |
3.11 | New | Undecided | Unassigned | |
3.12 | New | Undecided | Unassigned | |
Bug Description
The AngularJS client says "76 vulnerabilities (13 low, 27 moderate, 28 high, 8 critical)" when you run npm install.
We are concerned that there may be regressions if we just run `npm audit fix`, so I'm opening a collab branch (forthcoming).
Changed in evergreen:
importance: Undecided → Medium
milestone: none → 3.10-beta
Changed in evergreen:
milestone: 3.10-beta → 3.10-rc
Changed in evergreen:
milestone: 3.10-rc → 3.10.0
Changed in evergreen:
milestone: 3.10.0 → 3.10.1
Changed in evergreen:
milestone: 3.10.1 → 3.10.2
Changed in evergreen:
milestone: 3.10.2 → 3.10.3
Changed in evergreen:
milestone: 3.10.3 → 3.12-beta
Changed in evergreen:
milestone: 3.12-beta → 3.12-rc
Changed in evergreen:
milestone: 3.12-rc → 3.next
Changed in evergreen:
milestone: 3.next → 3.13-beta
Changed in evergreen:
milestone: 3.13-beta → 3.13-rc
Changed in evergreen:
milestone: 3.13-rc → 3.13.1
Changed in evergreen:
milestone: 3.13.1 → none
Here is the collab branch: https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/collab/sandbergja/lp1992529_npm_vulnerabilities_in_angjs
I needed to make a few changes to the webpack config to get it to build again, notably:
* Using terser instead of uglifier
* Using webpack's built-in chunking, rather than the CommonsChunkPlugin
I did some minimal poking around in the UI, and didn't see any very obvious regressions. I haven't run the test suite yet.
Also, there are still 3 critical vulnerabilities from our dependency on lovefield.
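
Added example, not part of the original bug report or the Evergreen code base: one way to review findings before deciding whether `npm audit fix` is safe to run, by sorting the `npm audit --json` report (npm 7+ format) into fixes that stay within the declared semver range, fixes that need a breaking major upgrade, and findings with no fix. The `triageAudit` function, the sample report and its package names are hypothetical.

```javascript
// Severity labels used by npm audit, most urgent first.
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Constructed sample in the shape of `npm audit --json` (npm 7+).
// Package names and versions are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-minifier': { severity: 'high', isDirect: true, fixAvailable: true },
    'example-bundler': {
      severity: 'critical', isDirect: true,
      fixAvailable: { name: 'example-bundler', version: '5.0.0', isSemVerMajor: true },
    },
    'example-storage': { severity: 'critical', isDirect: true, fixAvailable: false },
    'example-transitive': { severity: 'moderate', isDirect: false, fixAvailable: true },
  },
};

// Bucket each finding by how risky its fix is to apply:
//   safeFix     - resolvable without a breaking (semver-major) upgrade
//   breakingFix - only resolvable by a semver-major bump (regression risk)
//   noFix       - no fixed version available; needs replacement or mitigation
function triageAudit(report) {
  const buckets = { safeFix: [], breakingFix: [], noFix: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    if (!fix) {
      buckets.noFix.push(entry);
    } else if (typeof fix === 'object' && fix.isSemVerMajor) {
      buckets.breakingFix.push({ ...entry, via: `${fix.name}@${fix.version}` });
    } else {
      buckets.safeFix.push(entry);
    }
  }
  // Unknown severity labels sort last rather than first.
  const rank = (e) => {
    const i = SEVERITY_ORDER.indexOf(e.severity);
    return i === -1 ? SEVERITY_ORDER.length : i;
  };
  for (const list of Object.values(buckets)) {
    list.sort((a, b) => rank(a) - rank(b) || a.name.localeCompare(b.name));
  }
  return buckets;
}

console.log(JSON.stringify(triageAudit(SAMPLE_REPORT), null, 2));
```

The `breakingFix` bucket lists the upgrades that warrant a test-suite run and UI check before merging; the `noFix` bucket lists what remains open after every available upgrade is applied.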