Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check and fix security issues #23

Open
jacovinus opened this issue Jul 10, 2023 · 6 comments
Open

Check and fix security issues #23

jacovinus opened this issue Jul 10, 2023 · 6 comments
Labels
dependencies Pull requests that update a dependency file

Comments

@jacovinus
Copy link
Collaborator

we have actually 37 security issues, should check and fix the most possible of them..
https://github.com/metrico/grafana-flow/security
Also we should check about the Node version (16) since it will be deprecated at september this year, and v17 has some breaking changes related to OpenSSL

@jacovinus jacovinus added the dependencies Pull requests that update a dependency file label Jul 10, 2023
@henningw
Copy link

The project seems to also depends on Angular 12, which is long end of life. link Are there any plans to update to maintened Angular version? Any news about the open security issues reported in the original report?

@lmangani
Copy link
Contributor

@henningw no concerns. this a dated codebase for feedback, while the incubated version is based on modern standards

@henningw
Copy link

@henningw no concerns. this a dated codebase for feedback, while the incubated version is based on modern standards

Thanks @lmangani for the fast reply. The incubated version is your commercial product, or is this another repository which I am not aware of?

@lmangani
Copy link
Contributor

lmangani commented Nov 23, 2023

@henningw no its simply still in development and will be released once we feel it's ready to be used and contributed to. Since we have no contributors, we're not rushing it out.

For clarity, there is no commercial product related to homer or its code, and there will never be one. If you're referring to our sponsor hepic that is not a commercial homer and the two projects have zero lines of code and technology in common. 👍

@henningw
Copy link

@lmangani I have of course no insight into your commercial offerings, therefore I asked. I got the impression from the required contributor licence assignment (e.g. at homer-ui) in order to contribute that you are also using some code parts for your commercial software. Thanks for the clarificiation.

@lmangani
Copy link
Contributor

@henningw thanks for the question

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

No branches or pull requests

3 participants