
Vulnerability audit for 0.7.0 & Removal of passlib as dependency #185

Merged (4 commits) on Oct 1, 2024

Conversation

@SeriousHorncat (Collaborator) commented Oct 1, 2024

Pull Request Template

Checklist before requesting a review

  • I have performed a self-review of my code.
  • My code follows the style guidelines enforced by static analysis tools.
  • If it is a core feature, I have added thorough tests.
  • My changes generate no new warnings.
  • New and existing unit tests pass locally with my changes.

Pull Request Details

Wrike Ticket - Resolve vulnerabilities from package dependencies and python bcrypt warning

Changes made:

  • Upgraded frontend 'sinon' package dependency -> 16.0.0 to 19.0.2: to upgrade 'path-to-regexp' to 8.2.0
  • Upgraded frontend 'vitest' package dependency -> 1.6.0 to 2.1.1: to remove 'micromatch'; implements a major version upgrade to make future vulnerability dependency releases easier
  • Upgraded frontend 'vite' package dependency -> 5.3.2 to 5.4.8: to resolve several vulnerabilities
  • Upgraded frontend '@vitejs/plugin-vue' package dependency -> 5.0.5 to 5.1.4
  • Include changelog updates for 0.7.0 Rosalution

Important Note: Updates for resolving some of Vite's package dependencies are not released yet, but will be soon. They will be resolved in a future update.

To Review:

  • Static Analysis by Reviewer

  • Verify package updates

      ./setup.sh clean

    • Frontend Package Updates

        cd frontend
        yarn why rollup
        yarn why path-to-regexp
        yarn why micromatch

    • Bcrypt warning message no longer showing in logs

        cd backend
        pytest src/ tests/

  • All GitHub Actions checks have passed.

@SeriousHorncat SeriousHorncat self-assigned this Oct 1, 2024
@fatimarabab (Collaborator) commented:

Frontend Packages Updated
[screenshots of the yarn why output]

Bcrypt warning message no longer shown in logs:
[screenshot of the pytest output]

@fatimarabab (Collaborator) left a review comment:

Approved, good to go!

@SeriousHorncat SeriousHorncat merged commit 77efce4 into main Oct 1, 2024
8 checks passed
@SeriousHorncat SeriousHorncat deleted the vulnerability-audit-for-0.7.0 branch October 1, 2024 17:48