Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove additional unused dev dependencies to reduce security impacts #1482

Closed
jonespm opened this issue Feb 16, 2023 · 3 comments · Fixed by #1483
Closed

Remove additional unused dev dependencies to reduce security impacts #1482

jonespm opened this issue Feb 16, 2023 · 3 comments · Fixed by #1483
Assignees
@jonespm
Projects
MyLA-2023.01.02

Comments

@jonespm
Copy link
Member

jonespm commented Feb 16, 2023

Describe the bug (Tell us what happens instead of the expected behavior) :

There are still some dev dependencies that we haven't removed and one of these linux-libc-dev-5.10.162-1 came up in a security report. These are only needed to build dependencies and are not needed at runtime.

Remove this dependency but retain ones we do need as many others will be marked for removal.
@jonespm jonespm self-assigned this Feb 16, 2023
@jonespm jonespm added this to To do in MyLA-2023.01.02 via automation Feb 16, 2023
jonespm added a commit to jonespm/student-dashboard-django that referenced this issue Feb 16, 2023
@jonespm
Fixes tl-its-umich-edu#1482 - Remove additional unused dev dependenci…
119da5f 
…es to reduce

security impacts
@jonespm jonespm linked a pull request Feb 16, 2023 that will close this issue
Fixes #1482 - Remove additional unused dev dependencies to reduce security impacts #1483
Merged
@jonespm jonespm moved this from To do to In progress in MyLA-2023.01.02 Feb 16, 2023
MyLA-2023.01.02 automation moved this from In progress to Review/QA Mar 9, 2023
jonespm added a commit that referenced this issue Mar 9, 2023
@jonespm
Fixes #1482 - Remove additional unused dev dependencies to reduce sec…
5723311 
…urity impacts (#1483)
@jennlove-um jennlove-um moved this from Review/QA to Review/QA - DEV in MyLA-2023.01.02 Mar 29, 2023
@pushyamig
Copy link
Contributor

pushyamig commented Mar 30, 2023
edited

I ran docker scan my-learning-analytics_web on Latest from Master branch locally and I did not see this library come up in the list THAT a TEST PASS, does that satisfies QA requirement? @jonespm

@jonespm
Copy link
Member Author

jonespm commented Apr 3, 2023

Yes that's the QA plan. You can also look at Vulnerabilities tab on the latest tag on Docker Hub which should provide the same information.

https://hub.docker.com/r/tlitsumichedu/my-learning-analytics/tags

@pushyamig
Copy link
Contributor

Test Passes

@pushyamig pushyamig moved this from Review/QA - DEV to Done in MyLA-2023.01.02 Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonespm jonespm

Labels
None yet
Projects
No open projects
MyLA-2023.01.02
  
Done
Milestone
No milestone
2 participants
@jonespm @pushyamig