Cleanup #48005

closed

mgr/dashboard: fix frontend deps' vulnerabilities

Added by Tiago Melo over 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Category: UI
Target version:
% Done: 0%
Tags:
Backport: pacific
Reviewed:
Affected Versions:
Pull request ID:

Description

We currently have 3 vulnerabilities:

found 3 vulnerabilities (2 low, 1 high) in 2550 scanned packages
run `npm audit fix` to fix 1 of them.
2 vulnerabilities require manual review. See the full report for details.


Related issues 1 (0 open, 1 closed)

Copied to Dashboard - Backport #53510: pacific: mgr/dashboard: fix frontend deps' vulnerabilities - Resolved - Alfonso Martínez

#1

Updated by Tiago Melo over 3 years ago

  • Assignee deleted (Tiago Melo)
#2

Updated by Kiefer Chang over 3 years ago

                       === npm audit security report ===

# Run  npm install --save-dev @angular-devkit/build-angular@0.1100.1  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ object-path                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @angular-devkit/build-angular [dev]                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @angular-devkit/build-angular > resolve-url-loader >         │
│               │ adjust-sourcemap-loader > object-path                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1573                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ htmllint-cli [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ htmllint-cli > yargs > yargs-parser                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint-declaration-use-variable [dev]                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint-declaration-use-variable > stylelint > meow >      │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 3 vulnerabilities (2 low, 1 high) in 2552 scanned packages
  run `npm audit fix` to fix 1 of them.
  2 vulnerabilities require manual review. See the full report for details.
#3

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 165 to UI
#4

Updated by Alfonso Martínez over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Alfonso Martínez
  • Target version set to v17.0.0
  • Backport set to pacific
#5

Updated by Alfonso Martínez over 2 years ago

  • Subject changed from mgr/dashboard: Update npm packages and fix vulnerabilities to mgr/dashboard: fix frontend deps' vulnerabilities
#6

Updated by Alfonso Martínez over 2 years ago

  • Status changed from In Progress to Pending Backport
  • Pull request ID set to 44145
#7

Updated by Backport Bot over 2 years ago

  • Copied to Backport #53510: pacific: mgr/dashboard: fix frontend deps' vulnerabilities added
#8

Updated by Ernesto Puerta over 2 years ago

  • Status changed from Pending Backport to Resolved