Resolve "Meteor and libraries needs to be updated (vulnerabilities)" (!480) · Merge requests · apps.education / laboite · GitLab

Snippets Groups Projects

Merged Bruno Boiget requested to merge 82-update-meteor-and-libraries-needs-to-be-updated-vulnerabilities into dev 2 years ago

Closes #82 (closed)

Edited 2 years ago by Bruno Boiget

Activity

Bruno Boiget assigned to @bruno.boiget 2 years ago

assigned to @bruno.boiget
Bruno Boiget changed title from Draft: Resolve "Update meteor and libraries needs to be updated (vulnerabilities)" to Draft: Resolve "Meteor and libraries needs to be updated (vulnerabilities)" 2 years ago

changed title from Draft: Resolve "Update meteor and libraries needs to be updated (vulnerabilities)" to Draft: Resolve "Meteor and libraries needs to be updated (vulnerabilities)"
Bruno Boiget added 1 commit 2 years ago
added 1 commit

ad244419 - fix(audit) update meteor and project dependencies

Compare with previous version
Bruno Boiget @bruno.boiget · 2 years ago

Author Maintainer
Some vulnerabilities have no solution yet.

minimist (high - prototype pollution) : https://github.com/advisories/GHSA-xvch-5gv4-984h

quill (medium - cross scripting) : https://github.com/advisories/GHSA-4943-9vgg-gr5r

minimist problem is quite recent, will probably be updated soon. for quill, it seems problem has been around for quite a long time and will probably not get adressed

edit: running meteor npm audit fix --depth 4 fixed the problem with minimist

Edited 2 years ago by Bruno Boiget
Bruno Boiget added 1 commit 2 years ago
added 1 commit

4535a48b - fix(audit): update meteor and project dependencies

Compare with previous version
Bruno Boiget added 1 commit 2 years ago
added 1 commit

b9285504 - fix(lint): disable eslint rule react/forbid-prop-types

Compare with previous version
Bruno Boiget added 1 commit 2 years ago
added 1 commit

ed15e2c4 - fix(audit): update minimist to version 1.2.6

Compare with previous version
Bruno Boiget marked this merge request as ready 2 years ago

marked this merge request as ready
Bruno Boiget added 1 commit 2 years ago
added 1 commit

748b4874 - fix(audit): update Dockerfile and CI

Compare with previous version
Bruno Boiget added 19 commits 2 years ago
added 19 commits

748b4874...7ab27513 - 15 commits from branch dev

9bde676d - fix(audit): update meteor and project dependencies

986475e0 - fix(lint): disable eslint rule react/forbid-prop-types

54f53dd1 - fix(audit): update minimist to version 1.2.6

967d8e9f - fix(audit): update Dockerfile and CI

Compare with previous version
Toggle commit list
Bruno Boiget added 1 commit 2 years ago
added 1 commit

9ce50a68 - fix(audit): update to Meteor 2.7.1 (includes node 14.19.1)

Compare with previous version
Bruno Boiget added 27 commits 2 years ago
added 27 commits

9ce50a68...ff4fa848 - 22 commits from branch dev

40a250dc - fix(audit): update meteor and project dependencies

70c17404 - fix(lint): disable eslint rule react/forbid-prop-types

ccad65b1 - fix(audit): update minimist to version 1.2.6

fc372e00 - fix(audit): update Dockerfile and CI

5ea0a6df - fix(audit): update to Meteor 2.7.1 (includes node 14.19.1)

Compare with previous version
Toggle commit list
Luc Bourdot merged 2 years ago

merged
Luc Bourdot mentioned in commit b3ec24c1 2 years ago

mentioned in commit b3ec24c1
Ghost User @ghost · 2 years ago

This MR is included in version 4.2.0-testing.1

The release is available on GitLab release Your semantic-release bot :package::rocket:
Ghost User @ghost · 2 years ago

This MR is included in version 4.2.0

The release is available on GitLab release Your semantic-release bot :package::rocket:

Please register or sign in to reply