Project

General

Profile

Cleanup #48005

mgr/dashboard: fix frontend deps' vulnerabilities

Added by Tiago Melo almost 3 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Alfonso Martínez
Category:
UI
Target version:
Ceph - v17.0.0
% Done:

0%

Tags:
Backport:
pacific
Reviewed:
Affected Versions:
Pull request ID:
44145

Description

We currently have 3 vulnerabilities:

found 3 vulnerabilities (2 low, 1 high) in 2550 scanned packages
run `npm audit fix` to fix 1 of them.
2 vulnerabilities require manual review. See the full report for details.

Related issues

Copied to Dashboard - Backport #53510: pacific: mgr/dashboard: fix frontend deps' vulnerabilities Resolved

History

#1 Updated by Tiago Melo almost 3 years ago

  • Assignee deleted (Tiago Melo)

#2 Updated by Kiefer Chang almost 3 years ago 

                       === npm audit security report ===

# Run  npm install --save-dev @angular-devkit/build-angular@0.1100.1  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ object-path                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @angular-devkit/build-angular [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @angular-devkit/build-angular > resolve-url-loader >         │
│               │ adjust-sourcemap-loader > object-path                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1573                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ htmllint-cli [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ htmllint-cli > yargs > yargs-parser                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint-declaration-use-variable [dev]                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint-declaration-use-variable > stylelint > meow >      │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 3 vulnerabilities (2 low, 1 high) in 2552 scanned packages
  run `npm audit fix` to fix 1 of them.
  2 vulnerabilities require manual review. See the full report for details.

#3 Updated by Ernesto Puerta over 2 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 165 to UI

#4 Updated by Alfonso Martínez almost 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Alfonso Martínez
  • Target version set to v17.0.0
  • Backport set to pacific

#5 Updated by Alfonso Martínez almost 2 years ago

  • Subject changed from mgr/dashboard: Update npm packages and fix vulnerabilities to mgr/dashboard: fix frontend deps' vulnerabilities

#6 Updated by Alfonso Martínez almost 2 years ago

  • Status changed from In Progress to Pending Backport
  • Pull request ID set to 44145

#7 Updated by Backport Bot almost 2 years ago

  • Copied to Backport #53510: pacific: mgr/dashboard: fix frontend deps' vulnerabilities added

#8 Updated by Ernesto Puerta almost 2 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF