
Package vulnerability audit dec 2024 #190

Merged: 8 commits into main from package-vulnerability-audit-dec-2024 on Dec 17, 2024

Conversation


@SeriousHorncat SeriousHorncat commented Dec 16, 2024

Checklist before requesting a review

  • I have performed a self-review of my code.
  • My code follows the style guidelines enforced by static analysis tools.
  • If it is a core feature, I have added thorough tests.
  • My changes generate no new warnings.
  • New and existing unit tests pass locally with my changes.
  • Will this be part of a product update? If yes, please write one phrase about this update.

Pull Request Details

Wrike Ticket - Issue Title

Changes made:

Upgrading package dependencies to avoid the following vulnerabilities:

To Review:

  • Static Analysis by Reviewer

  • Packages have updated versions, and packages that couldn't upgrade away from the vulnerability are forced to resolve to the fixed package.
    To check this run the following commands:

    ./setup.sh clean
    
    cd frontend
    yarn audit
    
    yarn test:coverage
    yarn lint


    ./setup.sh clean
    
    cd system-tests
    yarn audit


  • The changes made to micro service dependencies are working as intended/rendered correctly.
    To check this run the following commands:

    docker compose down
    
    docker system prune -a --volumes
    docker compose up -d

    Visit any analysis and attach a file with the '.gb' file extension.


  • All GitHub Actions checks have passed.

…n the primary process in a container, through taking over execution of the entrypoint script via a command; Increased python-multipart package version to avoid vulnerability; increased eslint's version to remove dependency which has vulnerability; this required upgrading the eslint configuration within rosalution to use the new flat file configuration. It is temporarily tuned to be close to the existing code base linting; however, the team will review and revise linting guidelines when we gather soon.
…stigating, in order to avoid the vulnerability also being inside the docker images, need to upgrade to both alpine3.21 & 23.4.; Linting upgrade for eslint to 9.16 for system tests & some updates to corresponding tests.
….json to indicate it's of type module for JavaScript.
@SeriousHorncat SeriousHorncat marked this pull request as ready for review December 17, 2024 18:09
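The review step above asks the reviewer to confirm that packages which could not be upgraded directly are forced to a fixed version. One way to mechanise that check, as an added example that is not part of this pull request or the rosalution code base: a Node script that reads `yarn audit --json` output next to the `resolutions` block of package.json and lists every advisory whose forced version does not actually land in the patched range. The audit lines and package.json below are constructed, the function names are mine, and the audit field names follow the Yarn 1 NDJSON format as I recall it, so verify them against a real run before relying on the script in CI.

```javascript
// Added example, not code from the rosalution repository: check that every
// advisory in `yarn audit --json` output is neutralised either because the
// package was upgraded (it no longer appears) or because package.json forces
// it to a patched version through a "resolutions" entry.
//
// Assumptions: field names follow the Yarn 1 NDJSON audit format as I recall
// it (type "auditAdvisory", advisory.module_name, advisory.vulnerable_versions,
// advisory.patched_versions, resolution.path); verify against a real run.
// The sample audit lines and package.json below are constructed.

const SAMPLE_AUDIT_NDJSON = [
  { type: "auditAdvisory", data: {
      resolution: { path: "eslint>old-dep" },
      advisory: { module_name: "old-dep", severity: "high",
                  vulnerable_versions: "<2.0.1", patched_versions: ">=2.0.1" } } },
  { type: "auditAdvisory", data: {
      resolution: { path: "vite>other-dep" },
      advisory: { module_name: "other-dep", severity: "moderate",
                  vulnerable_versions: ">=3.0.0 <3.4.2", patched_versions: ">=3.4.2" } } },
  { type: "auditSummary", data: { vulnerabilities: { high: 1, moderate: 1 } } },
].map(e => JSON.stringify(e)).join("\n");

// Constructed package.json: "old-dep" is forced to the fixed version, but
// "other-dep" is pinned one patch release short of the fix.
const SAMPLE_PACKAGE_JSON = {
  resolutions: { "old-dep": "2.0.1", "other-dep": "3.4.1" },
};

// "^2.0.1" / "~2.0.1" are reduced to their lower bound, so the check is exact
// only for pinned resolutions (which is what a forced fix should be anyway).
function parseVersion(v) {
  const m = /^[\^~=v\s]*(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Minimal semver range matcher for the shapes advisories use:
// space-separated comparators are ANDed, "||" alternatives are ORed.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split("||").some(alt => {
    const comparators = alt.trim().split(/\s+/).filter(Boolean);
    if (comparators.length === 0 || comparators[0] === "*") return true;
    return comparators.every(c => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(c);
      const cmp = compareVersions(v, parseVersion(m[2]));
      switch (m[1] || "=") {
        case ">=": return cmp >= 0;
        case "<=": return cmp <= 0;
        case ">":  return cmp > 0;
        case "<":  return cmp < 0;
        default:   return cmp === 0;
      }
    });
  });
}

function parseAuditAdvisories(ndjson) {
  return ndjson.split("\n").filter(Boolean).map(line => JSON.parse(line))
    .filter(entry => entry.type === "auditAdvisory")
    .map(entry => entry.data);
}

// Returns one line per advisory that is still live after resolutions are
// applied; an empty array means the audit is clean under the forced versions.
function unresolvedAdvisories(ndjson, packageJson) {
  const resolutions = (packageJson && packageJson.resolutions) || {};
  return parseAuditAdvisories(ndjson).filter(({ advisory }) => {
    const forced = resolutions[advisory.module_name];
    if (!forced) return true;
    // The forced version must be in the patched range AND outside the
    // vulnerable one; checking only one of the two lets odd ranges through.
    return satisfies(forced, advisory.vulnerable_versions) ||
           !satisfies(forced, advisory.patched_versions);
  }).map(({ advisory, resolution }) =>
    `${advisory.severity}: ${advisory.module_name} (${resolution.path}) ` +
    `forced to ${resolutions[advisory.module_name] || "nothing"}, ` +
    `patched in ${advisory.patched_versions}`);
}

const leftover = unresolvedAdvisories(SAMPLE_AUDIT_NDJSON, SAMPLE_PACKAGE_JSON);
console.log(leftover.length ? leftover.join("\n") : "all advisories resolved");
```

In CI you would replace the constructed samples with the output of `yarn audit --json` and the parsed contents of package.json, and fail the job whenever the returned array is non-empty. The script deliberately checks both ranges: a resolution that sits outside the vulnerable range but below the first patched release is still a finding, and a bare `yarn audit` run will keep reporting it.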

fatimarabab commented Dec 17, 2024

Packages Audited:
Frontend - (screenshot)
System Tests - (screenshot)

fatimarabab commented

Able to attach .gb files!

fatimarabab left a comment

Approved!

@SeriousHorncat SeriousHorncat merged commit 8dce205 into main Dec 17, 2024
8 checks passed
@SeriousHorncat SeriousHorncat deleted the package-vulnerability-audit-dec-2024 branch December 17, 2024 19:24