This repository has been archived by the owner on Jun 10, 2024. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #343 from davidradl/git342
#342 resolve the critical npm audit vulnerability
Showing 2 changed files with 42 additions and 1 deletion.
@@ -0,0 +1,33 @@ | ||
# Security Fixes | ||
|
||
The build solar scan runs and spots vulnerabilities. | ||
Also locally you can run npm audit to list vulnerabilities. | ||
Over time more and more vultnerabilities will be flagged by these mechanisms. This file is to keep track of the outstanding security fixed and how they are bing addressed. | ||
|
||
npm audit fix should run regularly. This should fix any components that can be upgraded with a non-breaking change. | ||
|
||
As of 30/01/22 | ||
|
||
* issue [https://github.com/odpi/egeria-react-ui/issues/342](https://github.com/odpi/egeria-react-ui/issues/342) was raised to address a critical issue in Immer. | ||
|
||
```npm audit gives | ||
found 94 vulnerabilities (2 low, 87 moderate, 4 high, 1 critical) in 2485 scanned packages | ||
91 vulnerabilities require semver-major dependency updates. | ||
3 vulnerabilities require manual review. See the full report for details.``` | ||
|
||
|
||
|
||
There is a lot of discussion about this not actually effecting runtime. The fix that was recommended was to force the level of Immer. The fix forthis introduced some force resolutions including that of Immer. This brings the oustanding vulnerabilities to : | ||
|
||
```found 86 vulnerabilities (84 moderate, 2 high)``` | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
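Review bot: the code fences in this file are malformed in a way that hides content when rendered. In ```npm audit gives the words `npm audit gives` sit on the same line as the opening backticks, so markdown treats them as the block's info string and drops them; the closing fence likewise shares a line with `See the full report for details.`, and the one-line ```found 86 vulnerabilities (84 moderate, 2 high)``` block has the same problem. Put each opening and closing ``` on its own line. The paragraph on the fix also records no specifics: "introduced some force resolutions including that of Immer" should name which packages were pinned and to which versions, because a forced resolution only removes the advisory from the `npm audit` output and has to be revisited (and eventually removed) once the upstream dependency ships its own fix; without the list, nobody can tell later which of the remaining 86 findings are masked rather than fixed. Minor: is "build solar scan" meant to be the Sonar scan? "effecting" should be "affecting", and "vultnerabilities", "security fixed", "bing", "forthis" and "oustanding" are typos; the date "30/01/22" is also ambiguous and would be clearer as 2022-01-30.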