SSCSCI-18: upgrade babel-traverse in dep to fix CVE #1408

Merged
merged 2 commits into from
Oct 24, 2023

benouaer
Contributor

Jira link (if applicable)

Change description

  • upgrade babel-traverse in dep to fix CVE

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests have been added (if needed)
  • Does this PR introduce a breaking change?

@benouaer benouaer requested a review from a team as a code owner October 24, 2023 09:10
@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z bot requested a deployment to preview October 24, 2023 09:15 Abandoned
@benouaer benouaer merged commit 5d782bf into master Oct 24, 2023
3 checks passed
@benouaer benouaer deleted the SSCSCI-18-fix-vulnerability-issue branch October 24, 2023 09:34
benouaer pushed a commit that referenced this pull request Nov 10, 2023
* Terraform upgrade 1.4.5

* Terraform upgrade 1.4.5

Test Failure Fix (#1371)

updated package.json to fix vulnerabilities (#1372)

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* omitting loader-utils

CVE vulnerability fix (#1374)

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* updated package.json to fix vulnerabilities

* omitting loader-utils

* fix for new vulnerabilities

* fix for new vulnerabilities

* fix for new vulnerabilities

* fix for new vulnerabilities

* fix for new vulnerabilities

* fix for new vulnerabilities

Final vulnerabilities fix (#1377)

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure by suppressing remaining vulnerabilities

remove security script (#1376)

Co-authored-by: gokul-sol <gokul.sridharan@HMCTS.NET>

upgrade for yarn from v1 to v3 (#1375)

* upgrade for yarn from v1 to v3

* suppress vulnerabilities for node-sass, nunjucks, request

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* Update package.json

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

Yarn upgrade (#1379)

* upgrade for yarn from v1 to v3

* suppress vulnerabilities for node-sass, nunjucks, request

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* Update package.json

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

Yarn upgrade v1 (#1382)

* upgrade for yarn from v1 to v3

* suppress vulnerabilities for node-sass, nunjucks, request

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* Update package.json

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

* fix for pipeline failure

DTSPO-13810 reschedule jenkins nightly builds (#1385)

* DTSPO-13810 reschedule jenkins nightly builds

* Update Jenkinsfile_nightly

* Update Jenkinsfile_nightly

Demo fix (#1383)

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* Bumping chart version/ fixing aliases

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* logs added

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* redis update to 6

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* Update main.tf

* Update main.tf

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* suppress CVE

* suppress CVE

* logging redis connection string

* Update main.tf

* Try and run without Redis

Remove redis from healthcheck, and configure
one-per-page to use in memory store, for testing
purposes.

* Update known issues

* connecting to redis using redis library and connection string

* Update healthcheck.js

* Update main.tf

* Use redis rather than InMemory data store

* removing plain connection string

* Use redis rather than InMemory data store

* removing plain connection string

* Correct redis connection config

* Log redis url to check it is as expected

* Add colon to connection string

and remove /0

* Remove "ignore" and tls from redis url

* Correct redis url

* updating redis connection string to include default

* updating redis connection string to use rediss instead

* Correct redis url after updating secret manually

* Temporarily remove redis from healthcheck

* removing logs from healthcheck.js, BenefitType.js and appConfigurations.js

* removing debug comments from healthcheck.js

* removing readiness check and tidying up config

* removing ioredis dependency

* enabling redis readinessCheck in healthcheck.js

* temp redis instance for prod

* suppress CVE as no patch is available

---------

Co-authored-by: hmcts-jenkins-j-to-z <61242337+hmcts-jenkins-j-to-z[bot]@users.noreply.github.com>
Co-authored-by: jarekPierchala <jaroslaw.pierchala@hmcts.net>
Co-authored-by: jarekPierchala <118526007+jarekPierchala@users.noreply.github.com>
Co-authored-by: paul-pearson <paul.pearson@version1.com>

Demo fix (#1389)

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* Bumping chart version/ fixing aliases

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* logs added

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* redis update to 6

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* Update main.tf

* Update main.tf

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* suppress CVE

* suppress CVE

* logging redis connection string

* Update main.tf

* Try and run without Redis

Remove redis from healthcheck, and configure
one-per-page to use in memory store, for testing
purposes.

* Update known issues

* connecting to redis using redis library and connection string

* Update healthcheck.js

* Update main.tf

* Use redis rather than InMemory data store

* removing plain connection string

* Use redis rather than InMemory data store

* removing plain connection string

* Correct redis connection config

* Log redis url to check it is as expected

* Add colon to connection string

and remove /0

* Remove "ignore" and tls from redis url

* Correct redis url

* updating redis connection string to include default

* updating redis connection string to use rediss instead

* Correct redis url after updating secret manually

* Temporarily remove redis from healthcheck

* removing logs from healthcheck.js, BenefitType.js and appConfigurations.js

* removing debug comments from healthcheck.js

* removing readiness check and tidying up config

* removing ioredis dependency

* enabling redis readinessCheck in healthcheck.js

* temp redis instance for prod

* suppress CVE as no patch is available

* Update main.tf

* disable smoke tests

* disable smoke tests

* disable func tests

---------

Co-authored-by: Jephtah Addison <jephtah.addison@hmcts.net>
Co-authored-by: hmcts-jenkins-j-to-z <61242337+hmcts-jenkins-j-to-z[bot]@users.noreply.github.com>
Co-authored-by: paul-pearson <paul.pearson@version1.com>

Add var.env

Update main.tf

Demo fix (#1391)

* fix for pipeline failure by correcting Dockerfile

* fix for pipeline failure

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* Bumping chart version/ fixing aliases

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* fix for Dockerfile to deploy to demo for testing

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* added logger for redis

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix to ensure SYA is deployed

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* logs added

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* demo fix

* redis update to 6

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* Update main.tf

* Update main.tf

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* demo fix for logging redis connectivity

* suppress CVE

* suppress CVE

* logging redis connection string

* Update main.tf

* Try and run without Redis

Remove redis from healthcheck, and configure
one-per-page to use in memory store, for testing
purposes.

* Update known issues

* connecting to redis using redis library and connection string

* Update healthcheck.js

* Update main.tf

* Use redis rather than InMemory data store

* removing plain connection string

* Use redis rather than InMemory data store

* removing plain connection string

* Correct redis connection config

* Log redis url to check it is as expected

* Add colon to connection string

and remove /0

* Remove "ignore" and tls from redis url

* Correct redis url

* updating redis connection string to include default

* updating redis connection string to use rediss instead

* Correct redis url after updating secret manually

* Temporarily remove redis from healthcheck

* removing logs from healthcheck.js, BenefitType.js and appConfigurations.js

* removing debug comments from healthcheck.js

* removing readiness check and tidying up config

* removing ioredis dependency

* enabling redis readinessCheck in healthcheck.js

* temp redis instance for prod

* suppress CVE as no patch is available

* Update main.tf

* disable smoke tests

* disable smoke tests

* disable func tests

* Revert "disable func tests"

This reverts commit de589ef.

* Revert "disable smoke tests"

This reverts commit cc20b5a.

* Revert "disable smoke tests"

This reverts commit 6054178.

* bring back tests

---------

Co-authored-by: Jephtah Addison <jephtah.addison@hmcts.net>
Co-authored-by: hmcts-jenkins-j-to-z <61242337+hmcts-jenkins-j-to-z[bot]@users.noreply.github.com>
Co-authored-by: paul-pearson <paul.pearson@version1.com>

SSCS-11661 Replace google analytics with new script (#1390)

* SSCS-11661 Replace google analytics with new script

* SSCS-11661 Reinstate gtm script

The Google tag manager script was erroneously removed
after misunderstanding what was required

* SSCS-11661 Correct the service name

* SSCS-11856 Change cookieName to the one used by the banner

* SSCS-11856 Update known issues

* SSCS-11856 Log cookie prefs as json string

* SSCS-11856 Revert cookieName to compare behaviour

* SSCS-11856 Convert boolean true to 'on'

cookie_policy uses boolean rather than 'on'/'off'

* SSCS-11856 Convert boolean true to 'on'

cookie_policy uses boolean rather than 'on'/'off'

* SSCS-11856 Do not push preferences

Test to see if this still sets preferences

* SSCS-11856 Fix lint errors

* SSCS-11856 Implement sscs cookie prefs cookie

* SSCS-11856 Fix lint errors

* Revert "SSCS-11856 Fix lint errors"

This reverts commit 49a2933.

* SSCS-11856 Adapt cookie-manager to also
store settings in an expected cookie

* SSCS-11856 Update known issues

* SSCS-11856 Uncomment push to dataLayer

* SSCS-11856 Remove manipulation of cookie prefs

* SSCS-11856 Fix setting of user prefs cookie

* SSCS-11856 Fix setting of user prefs cookie

* SSCS-11856 Fix for getAnalyticsSelectedValue.value

This, and getApmSelectedValue.value are strings
rather than booleans.

* SSCS-11856 Put "on"/"off" in quotes

* SSCS-11856 Update known issues

* SSCS-11856 Wrap in a <form>

This is required for the new cookie manager,
which listens for "submit"

* SSCS-11856 Change cookie save from <a> to <button>

Need to submit the form for cookie manager to work

* SSCS-11856 Replace cookie banner

Replace the cookie banner with one compatible
with the new cookie manager

* SSCS-11856 Remove unrequired js file

* SSCS-11856 Enable cookie banner on preview

* SSCS-11661 Remove old cookies manager dependency

* SSCS-11366 Upgrade vulnerable dependency

CVEFix - 07.08.23 (#1395)

* CVEFix - 07.08.23

* CVEFix - 07.08.23

Security Fix - 08.08.23 (#1396)

Security Fix - 08.08.23 (#1397)

add sscs settings for xui (#1398)

Security Fix - 10.08.23 (#1399)

Fix yarn warning (#1402)

SSCSCI-8 (#1400)

SSCSCI-10: upgrade to node18 and tidyup deps (#1404)

* SSCSCI-10: upgrade to node18 and tidyup deps

* SSCSCI-18: add renovate

* SSCSCI-18: minor formatting changes

* SSCSCI-18: extend hmcts renovate config

* SSCSCI-18: extend hmcts renovate config

* SSCSCI-18: downgrade test deps

* SSCSCI-18: fix/suppress CVEs

* SSCSCI-18: update yarn lock

* SSCSCI-18: minor webpack fixes

* SSCSCI-18: fix failing tests

* SSCSCI-18: fix accessibility tests

* SSCSCI-18: try removing app-insights-metrics

to fix docker build

* SSCSCI-18: reinstate app-insights-metrics

* SSCSCI-18: try buster-slim base image

* SSCSCI-18: revert to alpine base image

* SSCSCI-18: move webpack and co back as prod deps

* SSCSCI-18: remove app-insights-metrics to fix docker build

* SSCSCI-18: move cross-env back to main deps

* SSCSCI-18: override redis version for one-per-page

* SSCSCI-18: upgrade e2e tests to codecept 3

* SSCSCI-18: reduce test wait times

* SSCSCI-18: reduce test wait times

* SSCSCI-18: fix add-another button issue

* SSCSCI-18: remove obsolete headless config

* SSCSCI-18: remove add-another-add-link styling

use govuk buttons styles directly

* SSCSCI-18: exclude datesCantAttend tests

* SSCSCI-18: restore datesCantAttend tests

* SSCSCI-18: restore govuk-button ext for uploadEv

* SSCSCI-18: restore button role

* SSCSCI-18: remove whitespace

* SSCSCI-18: fix e2e issues when js is off

* SSCSCI-18: fix e2e issues when js is off

* SSCSCI-18: suppress known vulnerability

* SSCSCI-18: fix e2e issues when js is off

* SSCSCI-18: omit skipPcq step to fix e2e

* SSCSCI-18: force click when js off

* SSCSCI-18: restore skipPcq e2e test step

* SSCSCI-18: turn off js without reload

* SSCSCI-18: upgrade vulnerable deps to fix CVEs

* SSCSCI-18: downgrade debug to babel compatible version

* SSCSCI-18: restore codecept conf

* SSCSCI-18: restore headless e2e running

* SSCSCI-18: only run test locally

test fails on preview, but passes locally. issue to be investigated in https://tools.hmcts.net/jira/browse/SSCSCI-457

* SSCSCI-18: last attempt to fix test

* SSCSCI-18: omit problem test

* SSCSCI-18: fix input fields styling

* SSCSCI-18: fix evidenceUpload issues due to formidable upgrade

* SSCSCI-18: update idam-simulator port

* SSCSCI-18: allow forms to redirect to idam for login

* SSCSCI-18: suppress vulnerability

* SSCSCI-18: sync unit tests with code changes

* SSCSCI-18: accept login url for CSP form-action

SSCSCI-18: upgrade babel-traverse in dep to fix CVE (#1408)

* SSCSCI-18: upgrade babel-traverse in dep to fix CVE

* SSCSCI-18: upgrade nodejs chart version

Update README.md (#1413)

* Update README.md

* suppress vulnerability in transitive dependency

add PCQ url to allowed form-action redirects (#1414)

SSCSCI-9: test postcodeLookup

Update README.md (#1416)

* Update README.md

* fix security issue

SSCSCI-9: allow time for user to login

SSCSCI-9: add retry for signout

SSCSSCI-9
Load server key and certificate from azure

Revert "SSCSSCI-9"

This reverts commit 19afeb1.

SSCSSCI-9
Generate server key and certificate from mountSecrets.js

SSCSSCI-9
Store secrets in environmental variables.

remove change in gitignore

prefix and suffix change

SSCSCI-9: update yarn lock file

SSCSCI-9: minor tidyup

SSCSCI-9: obfuscate NINO for privacy

Add nino for cya test

SSCSCI-9: fix failing tests

SSCSCI-9: update sonar exclusions

SSCSCI-9: update sonar exclusions

3 participants