Resolve the vulnerabilities identified by "dependabot" #3966

Open
mlehotskylf opened this issue Jun 1, 2023 · 14 comments
Labels
03 - Med Medium Priority bug Something isn't working internal Internal tickets

Comments

@mlehotskylf
Contributor

mlehotskylf commented Jun 1, 2023

Resolve the vulnerabilities identified by dependabot: https://github.com/communitybridge/easycla/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc.

Resolve it also for Contributor Console repo: https://github.com/communitybridge/easycla-contributor-console

Most of these can be resolved with a version update.

@mlehotskylf mlehotskylf added the 03 - Med Medium Priority label Jun 1, 2023
@nickmango
Collaborator

@mlehotskylf a couple of resolutions had dependencies that halted the update. However, 80% of the packages were updated.

@mlehotskylf
Contributor Author

@nickmango please review if there are any more checks failing. Thanks!

@mlehotskylf
Contributor Author

@nickmango Looks like 3 checks are failing

@mlehotskylf
Contributor Author

When we update the library, find where it is used and make sure it is not breaking any functionality.

@mlehotskylf
Contributor Author

@umeshlumbhani247 any update on this ticket? Thank you!

@umeshlumbhani247
Collaborator

Hi @mlehotskylf, I didn't start work on this ticket, as I am occupied with tasks on the Organization dashboard and Individual dashboard. Can I pick this up later if the task is not a priority?

@mlehotskylf
Contributor Author

Ok, you can pick this up once done with Org dashboard.

@mlehotskylf
Contributor Author

@umeshlumbhani247 any update on this? Thanks!

@mlehotskylf
Contributor Author

Let's fix this after the release early next week.

@mlehotskylf
Contributor Author

@nickmango is working on this.

@mlehotskylf mlehotskylf added bug Something isn't working internal Internal tickets labels May 23, 2024
nickmango added a commit to nickmango/easycla that referenced this issue May 30, 2024
- Upgraded axios package

Signed-off-by: Harold Wanyama <hwanyama@contractor.linuxfoundation.org>
@mlehotskylf
Contributor Author

@nickmango is running into dependency issues.

nickmango added a commit that referenced this issue Jun 4, 2024
nickmango added a commit to nickmango/easycla that referenced this issue Jun 5, 2024
- Auto resolved package dependencies for boto3

Signed-off-by: Harold Wanyama <hwanyama@contractor.linuxfoundation.org>
nickmango added a commit that referenced this issue Jun 5, 2024
@nickmango
Collaborator

I was able to resolve the dependabot vulnerabilities. @thakurveerendras kindly verify.

@mlehotskylf
Contributor Author

@thakurveerendras will do one more round of sanity check.

@thakurveerendras
Contributor

Done a sanity check on dev & prod and found that it is working fine as expected. So closing this ticket.
