KEYCLOAK-8541: Admin console uses vulnerable AngularJS #5679
@keycloak-ci-bot test
@ssilvert Job is scheduled
I've built the distribution from your branch. Using Chrome's "incognito mode", I've logged in to the Admin Console. I can see that angular.min.js is loaded but looking at the header it's still v1.6.6.
@ssilvert Could you please review?
Glad you caught that. Looks like we now have two node_modules directories. It's possible that Stian added the second one by mistake, but it could have been intentional. I'm going to update the other one and be done for now. I'll create a separate JIRA to investigate.
Now I see what he did. The second version is a "clean" directory with only the stuff that belongs in the distro. We really need to pull that stuff out automatically so we don't have two copies of the same file in the repo. But again, that's a task for another day. See KEYCLOAK-8700.
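The mismatch discussed in the comments above (one bundled copy of angular.min.js updated while another still carries the v1.6.6 banner) can be checked mechanically. This is an added example, not part of the pull request or the Keycloak build; the directory names and the version 9.9.9 are constructed placeholders, and it assumes the version appears in the file's licence banner as `AngularJS v<version>`.

```shell
#!/bin/sh
# Added example (not Keycloak build code): find every bundled angular.min.js
# under a tree, read the version from its licence banner, flag stale copies.

# Print "<version> <path>" for each angular.min.js below directory $1.
angular_versions() {
    find "$1" -type f -name 'angular.min.js' | sort | while IFS= read -r f; do
        # Banner line looks like " AngularJS v1.6.6" within the first lines.
        v=$(head -n 5 "$f" |
            sed -n 's/.*AngularJS v\([0-9][0-9A-Za-z.+-]*\).*/\1/p' | head -n 1)
        printf '%s %s\n' "${v:-unknown}" "$f"
    done
}

# Exit status: 0 all copies at version $2, 1 some copy differs, 2 none found.
check_angular() {
    report=$(angular_versions "$1")
    [ -n "$report" ] || { echo "no angular.min.js under $1" >&2; return 2; }
    # Force string comparison so "1.60" and "1.6" are never treated as equal.
    stale=$(printf '%s\n' "$report" | awk -v want="$2" '($1 "") != (want "")')
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale" | sed 's/^/STALE: /'
    return 1
}

# Constructed sample tree: two copies of the file, only one of them updated.
# Directory names and version 9.9.9 are placeholders; 1.6.6 is from the thread.
write_copy() {  # $1 = file path, $2 = version to put in the banner
    mkdir -p "$(dirname "$1")"
    printf '/*\n AngularJS v%s\n License: MIT\n*/\n(function(){})();\n' "$2" > "$1"
}
make_demo_tree() {
    t=$(mktemp -d)
    write_copy "$t/copy-a/node_modules/angular/angular.min.js" 9.9.9
    write_copy "$t/copy-b/node_modules/angular/angular.min.js" 1.6.6
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
check_angular "$demo" 9.9.9 || echo "at least one copy was not updated"
rm -rf "$demo"
```

Run against an unpacked distribution, `check_angular <dir> <expected-version>` gives a non-zero exit status that a CI step can fail on.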
0235c37 to e005190
@vmuzikar You should be able to retest this now.
I remember now - you need to run mvn clean install -P npm-update in themes. That'll update the clean node_modules. I agree at some point we need to automate this. Probably move to just downloading everything from NPM. There's one thing I don't like about that and it's that I would have to run a Maven build before running KeycloakServer from IDE. I can easily see that becoming out of sync as at least personally I rarely do a Maven build locally for Keycloak.
I don't think it makes a difference. The result is exactly the same.
Ok, if we're sure the result is the same, I'll proceed with the testing...
LGTM now, thanks.
@keycloak-ci-bot test
@ssilvert Job is scheduled
No description provided.