Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mmt 3882: MMT React Vulnerabilities September 2024 #1302

Merged
merged 1 commit into from
Sep 26, 2024
Merged

Mmt 3882: MMT React Vulnerabilities September 2024 #1302

merged 1 commit into from
Sep 26, 2024

Conversation

mandyparson
Copy link
Contributor

@mandyparson mandyparson commented Sep 24, 2024
edited
Loading

Overview

What is the feature?

MMT React Vulnerabilities September 2024

What is the Solution?

Run npm audit fix to fix the vulnerabilites that can be fixed.
NOTE: Neither dicer nor fast-xml-parser vulnerabilites can be fixed. It says 'fix available' but that will bump the version down to an older version that will cause issues. At the moment, both dicer and fast-xml-parser issues are dependants of serverless-s3-local which is already at the latest version see here: https://www.npmjs.com/package/serverless-s3-local/v/0.8.5 so no fix if available for our two high vulnerabilites

What areas of the application does this impact?

package-lock.json

Testing

Reproduction steps

  • **Environment for testing: N/A
  • Collection to test with:
  1. On main branch run npm audit and see>> 15 vulnerabilities (7 moderate, 8 high)
  2. On MMT-3882 branch run npm audit and see>> 7 vulnerabilities (3 moderate, 4 high)

Attachments

Screenshot 2024-09-24 at 1 17 09 PM
Screenshot 2024-09-24 at 1 17 28 PM

Checklist

  • I have added automated tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings

@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.52%. Comparing base (81eff52) to head (e7d828a).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1302   +/-   ##
=======================================
  Coverage   97.52%   97.52%           
=======================================
  Files         362      362           
  Lines        5540     5540           
  Branches     1155     1157    +2     
=======================================
  Hits         5403     5403           
  Misses        136      136           
  Partials        1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cgokey cgokey requested review from cgokey and htranho September 26, 2024 15:03
@mandyparson mandyparson removed the request for review from htranho September 26, 2024 15:04
@mandyparson mandyparson requested a review from htranho September 26, 2024 15:04
@mandyparson mandyparson merged commit ff39279 into main Sep 26, 2024
5 checks passed
@mandyparson mandyparson deleted the MMT-3882 branch September 26, 2024 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgokey cgokey cgokey approved these changes

@htranho htranho htranho approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mandyparson @codecov-commenter @cgokey @htranho