39 restricted dependencies used in che-code and code-rhel8 container builds #21931

Closed
Tracked by #21942 ...
nickboldt opened this issue Jan 10, 2023 · 3 comments
Labels
area/editor/vscode Issues related to the Code OSS editor of Che area/editors kind/bug Outline of a bug - must adhere to the bug report template. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P2 Has a minor but important impact to the usage or development of the system.

nickboldt commented Jan 10, 2023

Describe the bug

I ran the dash-licenses tool to check dependencies and there are a number of problems found:

$➔ podman run --rm -t -v ${PWD}/:/workspace/project quay.io/che-incubator/dash-licenses:next --check
Copy project...
Done.

Create tmp dir...
Done.
Generating all dependencies info using yarn...
Done.

Generating a temporary DEPENDENCIES file...
[main] INFO Querying Eclipse Foundation for license data for 500 items.
[main] INFO Found 49 items.
[main] INFO Querying Eclipse Foundation for license data for 500 items.
[main] INFO Found 39 items.
[main] INFO Querying Eclipse Foundation for license data for 500 items.
[main] INFO Found 80 items.
[main] INFO Querying Eclipse Foundation for license data for 119 items.
[main] INFO Found 30 items.
[main] INFO Querying ClearlyDefined for license data for 500 items.
[main] INFO Found 500 items.
[main] INFO Querying ClearlyDefined for license data for 500 items.
[main] INFO Found 500 items.
[main] INFO Querying ClearlyDefined for license data for 421 items.
[main] INFO Found 421 items.
[main] INFO License information could not be automatically verified for the following content:
[main] INFO 
[main] INFO npm/npmjs/-/7zip/0.0.6
[main] INFO npm/npmjs/-/gulp-eslint/5.0.0
[main] INFO npm/npmjs/-/gulp-rename/1.2.2
[main] INFO npm/npmjs/-/innosetup/6.0.5
[main] INFO npm/npmjs/-/jschardet/3.0.0
[main] INFO npm/npmjs/-/koa-compose/4.1.0
[main] INFO npm/npmjs/-/native-watchdog/1.4.1
[main] INFO npm/npmjs/-/node.extend/1.1.8
[main] INFO npm/npmjs/-/plist/3.0.5
[main] INFO npm/npmjs/-/queue/3.0.6
[main] INFO npm/npmjs/-/queue/3.1.0
[main] INFO npm/npmjs/-/rcedit/0.3.0
[main] INFO npm/npmjs/-/rcedit/1.1.0
[main] INFO npm/npmjs/-/spdlog/0.13.6
[main] INFO npm/npmjs/-/through2/0.4.2
[main] INFO npm/npmjs/-/ts-loader/9.2.7
[main] INFO npm/npmjs/-/ts-morph/15.1.0
[main] INFO npm/npmjs/-/typescript/2.6.2
[main] INFO npm/npmjs/-/typescript/5.0.0-dev.20221206
[main] INFO npm/npmjs/-/vscode-policy-watcher/1.1.1
[main] INFO npm/npmjs/-/vscode-proxy-agent/0.12.0
[main] INFO npm/npmjs/-/xterm/5.1.0-beta.63
[main] INFO npm/npmjs/@swc/core-linux-x64-gnu/1.2.245
[main] INFO npm/npmjs/@ts-morph/common/0.16.0
[main] INFO npm/npmjs/@types/node/10.12.21
[main] INFO npm/npmjs/@typescript-eslint/eslint-plugin/5.39.0
[main] INFO npm/npmjs/@vscode/telemetry-extractor/1.9.8
[main] INFO npm/npmjs/@vscode/vscode-languagedetection/1.0.21
[main] INFO 
[main] INFO This content is either not correctly mapped by the system, or requires review.
Done.

Generating list of production dependencies using yarn...
Done.

Generating list of all dependencies using yarn...
Done.

Checking dependencies for restrictions to use...
Warning: failed to parse CQ number from string: "#979"
Warning: failed to parse CQ number from string: "#1978"
Warning: failed to parse CQ number from string: "#5896"
Warning: failed to parse CQ number from string: "#5050"
Warning: failed to parse CQ number from string: "#5050"
Warning: failed to parse CQ number from string: "#2174"
Warning: failed to parse CQ number from string: "#1027"
Warning: failed to parse CQ number from string: "#2725"
Warning: failed to parse CQ number from string: "#1076"
Warning: failed to parse CQ number from string: "#2925"
Warning: failed to parse CQ number from string: "#1196"
Warning: failed to parse CQ number from string: "#1196"
Warning: failed to parse CQ number from string: "#2317"
Warning: failed to parse CQ number from string: "#2317"
Warning: failed to parse CQ number from string: "#2414"
Warning: failed to parse CQ number from string: "#2724"
Warning: failed to parse CQ number from string: "#3753"
Warning: failed to parse CQ number from string: "#2729"
Warning: failed to parse CQ number from string: "#5887"
Warning: failed to parse CQ number from string: "#5898"
Warning: failed to parse CQ number from string: "#1033"
Warning: failed to parse CQ number from string: "#2953"
Warning: failed to parse CQ number from string: "#1287"
Warning: failed to parse CQ number from string: "#1283"
Warning: failed to parse CQ number from string: "#1283"
Warning: failed to parse CQ number from string: "#5322"
Warning: failed to parse CQ number from string: "#2130"
Warning: failed to parse CQ number from string: "#2130"
Warning: failed to parse CQ number from string: "#1128"
Warning: failed to parse CQ number from string: "#94"
Warning: failed to parse CQ number from string: "#2728"
Warning: failed to parse CQ number from string: "#1002"
Warning: failed to parse CQ number from string: "#1204"
Warning: failed to parse CQ number from string: "#1950"
Warning: failed to parse CQ number from string: "#771"
Warning: failed to parse CQ number from string: "#2898"
Warning: failed to parse CQ number from string: "#4556"
Warning: failed to parse CQ number from string: "#2431"
Warning: failed to parse CQ number from string: "#2501"
Warning: failed to parse CQ number from string: "#2433"
Warning: failed to parse CQ number from string: "#2696"
Warning: failed to parse CQ number from string: "#826"
Warning: failed to parse CQ number from string: "#823"
Warning: failed to parse CQ number from string: "#2697"
Warning: failed to parse CQ number from string: "#995"
Warning: failed to parse CQ number from string: "#475"
Warning: failed to parse CQ number from string: "#1100"
Warning: failed to parse CQ number from string: "#518"
Warning: failed to parse CQ number from string: "#881"
Warning: failed to parse CQ number from string: "#120"
Warning: failed to parse CQ number from string: "#1815"
Warning: failed to parse CQ number from string: "#1813"
Warning: failed to parse CQ number from string: "#1039"
Warning: failed to parse CQ number from string: "#2428"
Warning: failed to parse CQ number from string: "#5049"
Warning: failed to parse CQ number from string: "#876"
Warning: failed to parse CQ number from string: "#2415"
Warning: failed to parse CQ number from string: "#2430"
Warning: failed to parse CQ number from string: "#1048"
Warning: failed to parse CQ number from string: "#988"
Warning: failed to parse CQ number from string: "#994"
Warning: failed to parse CQ number from string: "#994"
Warning: failed to parse CQ number from string: "#2676"
Warning: failed to parse CQ number from string: "#1550"
Warning: failed to parse CQ number from string: "#1044"
Warning: failed to parse CQ number from string: "#2732"
Warning: failed to parse CQ number from string: "#5907"
Warning: failed to parse CQ number from string: "#126"
Warning: failed to parse CQ number from string: "#4853"
Warning: failed to parse CQ number from string: "#2531"
Warning: failed to parse CQ number from string: "#1710"
Warning: failed to parse CQ number from string: "#2401"
Warning: failed to parse CQ number from string: "#1046"
Warning: failed to parse CQ number from string: "#2126"
Warning: failed to parse CQ number from string: "#4597"
Warning: failed to parse CQ number from string: "#4986"
Warning: failed to parse CQ number from string: "#2096"
Warning: failed to parse CQ number from string: "#4514"
Warning: failed to parse CQ number from string: "#5952"
Warning: failed to parse CQ number from string: "#5886"
Warning: failed to parse CQ number from string: "#5886"
Warning: failed to parse CQ number from string: "#5895"
Warning: failed to parse CQ number from string: "#5895"
Warning: failed to parse CQ number from string: "#986"
Warning: failed to parse CQ number from string: "#3782"
Warning: failed to parse CQ number from string: "#1944"
Warning: failed to parse CQ number from string: "#1925"
Warning: failed to parse CQ number from string: "#1954"
Warning: failed to parse CQ number from string: "#5890"
Warning: failed to parse CQ number from string: "#2499"
Warning: failed to parse CQ number from string: "#934"
Warning: failed to parse CQ number from string: "#4513"
Warning: failed to parse CQ number from string: "#1025"
Warning: failed to parse CQ number from string: "#3232"
Warning: failed to parse CQ number from string: "#4665"
Warning: failed to parse CQ number from string: "#5894"
Warning: failed to parse CQ number from string: "#991"
Warning: failed to parse CQ number from string: "#2649"
Warning: failed to parse CQ number from string: "#4509"
Warning: failed to parse CQ number from string: "#142"
Warning: failed to parse CQ number from string: "#5056"
Warning: failed to parse CQ number from string: "#3545"
Warning: failed to parse CQ number from string: "#1020"
Warning: failed to parse CQ number from string: "#1037"
Warning: failed to parse CQ number from string: "#1054"
Warning: failed to parse CQ number from string: "#1023"
Warning: failed to parse CQ number from string: "#945"
Warning: failed to parse CQ number from string: "#2881"
Warning: failed to parse CQ number from string: "#2977"
Warning: failed to parse CQ number from string: "#981"
Warning: failed to parse CQ number from string: "#998"
Warning: failed to parse CQ number from string: "#997"
Warning: failed to parse CQ number from string: "#2922"
Warning: failed to parse CQ number from string: "#4519"
Warning: failed to parse CQ number from string: "#1001"
Warning: failed to parse CQ number from string: "#941"
Warning: failed to parse CQ number from string: "#5889"
Warning: failed to parse CQ number from string: "#1344"
Warning: failed to parse CQ number from string: "#5900"
Warning: failed to parse CQ number from string: "#5899"
Warning: failed to parse CQ number from string: "#1031"
Warning: failed to parse CQ number from string: "#5892"
Warning: failed to parse CQ number from string: "#904"
Warning: failed to parse CQ number from string: "#978"
Warning: failed to parse CQ number from string: "#2412"
Warning: failed to parse CQ number from string: "#2983"
Warning: failed to parse CQ number from string: "#2923"
Warning: failed to parse CQ number from string: "#2400"
Warning: failed to parse CQ number from string: "#2417"
Warning: failed to parse CQ number from string: "#2416"
Warning: failed to parse CQ number from string: "#990"
Warning: failed to parse CQ number from string: "#827"
Warning: failed to parse CQ number from string: "#1127"
Warning: failed to parse CQ number from string: "#1127"
Warning: failed to parse CQ number from string: "#989"
Warning: failed to parse CQ number from string: "#949"
Warning: failed to parse CQ number from string: "#2730"
Warning: failed to parse CQ number from string: "#4564"
Warning: failed to parse CQ number from string: "#4564"
Warning: failed to parse CQ number from string: "#4647"
Warning: failed to parse CQ number from string: "#4647"
Warning: failed to parse CQ number from string: "#2731"
Warning: failed to parse CQ number from string: "#5891"
Warning: failed to parse CQ number from string: "#2989"
Warning: failed to parse CQ number from string: "#4566"
Warning: failed to parse CQ number from string: "#1036"
Warning: failed to parse CQ number from string: "#2924"
Warning: failed to parse CQ number from string: "#4336"
Warning: failed to parse CQ number from string: "#1035"
Warning: failed to parse CQ number from string: "#3327"
Warning: failed to parse CQ number from string: "#1086"
Warning: failed to parse CQ number from string: "#2937"
Warning: failed to parse CQ number from string: "#2904"
Warning: failed to parse CQ number from string: "#5885"
Warning: failed to parse CQ number from string: "#2733"
Warning: failed to parse CQ number from string: "#2438"
Warning: failed to parse CQ number from string: "#2562"
Warning: failed to parse CQ number from string: "#6196"
Warning: failed to parse CQ number from string: "#5741"
Warning: failed to parse CQ number from string: "#2407"
Warning: failed to parse CQ number from string: "#4864"
Warning: failed to parse CQ number from string: "#269"
Warning: failed to parse CQ number from string: "#425"
Warning: failed to parse CQ number from string: "#4619"
Warning: failed to parse CQ number from string: "#2892"
Warning: failed to parse CQ number from string: "#3275"
Warning: failed to parse CQ number from string: "#3279"
Warning: failed to parse CQ number from string: "#3280"
Warning: failed to parse CQ number from string: "#3276"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "ecd.jkube"
Warning: failed to parse CQ number from string: "#4340"
Warning: failed to parse CQ number from string: "#3547"
Warning: failed to parse CQ number from string: "#3320"
Warning: failed to parse CQ number from string: "#1959"
Warning: failed to parse CQ number from string: "#1042"
Warning: failed to parse CQ number from string: "#2186"
Warning: failed to parse CQ number from string: "#123"

## UNRESOLVED Production dependencies

1. `7zip@0.0.6`
2. `@swc/core-android-arm-eabi@1.2.245`
3. `@swc/core-android-arm64@1.2.245`
4. `@swc/core-darwin-arm64@1.2.245`
5. `@swc/core-darwin-x64@1.2.245`
6. `@swc/core-freebsd-x64@1.2.245`
7. `@swc/core-linux-arm-gnueabihf@1.2.245`
8. `@swc/core-linux-arm64-gnu@1.2.245`
9. `@swc/core-linux-arm64-musl@1.2.245`
10. `@swc/core-linux-x64-gnu@1.2.245`
11. `@swc/core-win32-arm64-msvc@1.2.245`
12. `@swc/core-win32-ia32-msvc@1.2.245`
13. `@swc/core-win32-x64-msvc@1.2.245`
14. `@ts-morph/common@0.16.0`
15. `@typescript-eslint/eslint-plugin@5.39.0`
16. `@vscode/telemetry-extractor@1.9.8`
17. `@vscode/vscode-languagedetection@1.0.21`
18. `@vscode/windows-registry@1.0.6`
19. `fsevents@1.2.13`
20. `gulp-eslint@5.0.0`
21. `gulp-rename@1.2.2`
22. `innosetup@6.0.5`
23. `jschardet@3.0.0`
24. `koa-compose@4.1.0`
25. `native-watchdog@1.4.1`
26. `node.extend@1.1.8`
27. `plist@3.0.5`
28. `queue@3.0.6`
29. `rcedit@1.1.0`
30. `spdlog@0.13.6`
31. `ts-loader@9.2.7`
32. `ts-morph@15.1.0`
33. `typescript@5.0.0-dev.20221206`
34. `vscode-policy-watcher@1.1.1`
35. `vscode-proxy-agent@0.12.0`
36. `vscode-windows-ca-certs@0.3.0`
37. `windows-mutex@0.4.1`
38. `windows-process-tree@0.3.4`
39. `xterm@5.1.0-beta.63`

Done.

Looking for changes in production dependencies list...
comm: /workspace/project/.deps/prod.md: No such file or directory
Done.

Looking for changes in test- and development dependencies list...
comm: /workspace/project/.deps/dev.md: No such file or directory
Done.

Error: Restricted dependencies are found in the project.

Not sure how many of these are real license problems, vs. tool issues, but it's worth investigating.

Che version

7.58

Steps to reproduce

See instructions at https://github.com/che-incubator/dash-licenses#check-dependencies

cd /path/to/che-code/code/
podman run --rm -t \
       -v ${PWD}/:/workspace/project  \
       quay.io/che-incubator/dash-licenses:next --check
@nickboldt nickboldt added the kind/bug Outline of a bug - must adhere to the bug report template. label Jan 10, 2023
@nickboldt nickboldt changed the title restricted dependencies used in code-rhel8 container build 39 restricted dependencies used in code-rhel8 container build Jan 10, 2023
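
The output above contains two different lists: the ClearlyDefined-style coordinates that "could not be automatically verified" and the numbered "UNRESOLVED Production dependencies". A triage helper that cross-references them, as an added example (not part of the issue or of dash-licenses; the function names are hypothetical and the sample log is constructed in the shape of the output above):

```python
import re

# Constructed sample in the shape of the dash-licenses output above (not the full log).
SAMPLE_LOG = """\
[main] INFO License information could not be automatically verified for the following content:
[main] INFO npm/npmjs/-/7zip/0.0.6
[main] INFO npm/npmjs/-/typescript/2.6.2
[main] INFO npm/npmjs/@swc/core-linux-x64-gnu/1.2.245
[main] INFO npm/npmjs/@ts-morph/common/0.16.0

## UNRESOLVED Production dependencies

1. `7zip@0.0.6`
2. `@swc/core-linux-x64-gnu@1.2.245`
3. `@ts-morph/common@0.16.0`
4. `fsevents@1.2.13`

Done.
"""

# type/provider/namespace/name/revision; a namespace of "-" means an unscoped package.
COORD_RE = re.compile(r"^\[main\] INFO npm/npmjs/([^/\s]+)/([^/\s]+)/(\S+)\s*$")
ITEM_RE = re.compile(r"^\d+\.\s+`([^`]+)`\s*$")

def parse_unverified(log):
    # Coordinates from the "could not be automatically verified" block, as name@version.
    found = set()
    for line in log.splitlines():
        m = COORD_RE.match(line)
        if m:
            ns, name, version = m.groups()
            full = name if ns == "-" else f"{ns}/{name}"
            found.add(f"{full}@{version}")
    return found

def parse_unresolved(log):
    # Entries of the numbered list under the UNRESOLVED heading.
    found, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "## UNRESOLVED Production dependencies":
            in_section = True
        elif in_section and line.strip():
            m = ITEM_RE.match(line.strip())
            if not m:
                break  # first non-list line ends the section
            found.add(m.group(1))
    return found

def to_coordinate(pkg):
    # name@version back to the coordinate form printed in the log.
    name, _, version = pkg.rpartition("@")
    namespace, _, short = name.rpartition("/")
    return f"npm/npmjs/{namespace or '-'}/{short}/{version}"

def triage(log):
    unverified, unresolved = parse_unverified(log), parse_unresolved(log)
    return {
        "both": sorted(unverified & unresolved),
        "unresolved_only": sorted(unresolved - unverified),
        "unverified_only": sorted(unverified - unresolved),
    }
```

Entries in `unresolved_only` are production packages that never appeared in the unverified list, and entries in `unverified_only` were flagged but are not in the production list, so the two buckets need different follow-up.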

nickboldt commented Jan 10, 2023

This issue was encountered while trying to build code-rhel8 image using cachito to handle all the dependency management - https://issues.redhat.com/browse/CRW-3160

So in future we will want to update che-code to newer versions of dependencies (in its yarn.lock and package.json files), and keep having ClearlyDefined definitions for those deps.

@nickboldt nickboldt added area/editors area/editor/vscode Issues related to the Code OSS editor of Che labels Jan 10, 2023
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 10, 2023
@Kasturi1820 Kasturi1820 added severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jan 13, 2023
@nickboldt nickboldt mentioned this issue Jan 23, 2023
32 tasks

nickboldt commented Feb 22, 2023

If you need to add new entries to ClearlyDefined, you can follow the changes in https://github.com/eclipse-che/che-machine-exec/pull/237/files to harvest new ones.

Not worth creating CQs for all these dependencies - don't need or want the Eclipse Foundation overhead here.

If deps can be or need to be updated to newer versions, we can explore that too. Talk to @azatsarynnyy to know which deps can be safely updated to newer/less-CVE-problematic versions.

@nickboldt nickboldt changed the title 39 restricted dependencies used in code-rhel8 container build 39 restricted dependencies used in che-code and code-rhel8 container builds Feb 22, 2023
@l0rd l0rd mentioned this issue Mar 6, 2023
7 tasks

che-bot commented Nov 13, 2023

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 13, 2023
@che-bot che-bot closed this as completed Nov 20, 2023
@mkuznyetsov mkuznyetsov reopened this Nov 29, 2023
@che-bot che-bot closed this as completed Dec 6, 2023
@mkuznyetsov mkuznyetsov reopened this Dec 6, 2023
@che-bot che-bot closed this as completed Dec 13, 2023