Fix vulnerabilities in dependencies #4985

Merged
merged 7 commits into from Dec 20, 2022

@Desvelao Desvelao commented Dec 13, 2022

Description

This pull request fixes some problems related to dependency vulnerabilities:

  • Remove angular-chart.js dependency and unused code
  • Upgrade winston to 3.5.1
  • Upgrade pdfmake to 0.2.6

Issues Resolved

Closes #4956

Evidence

[Provide screenshots or videos to prove this PR solves the issues]

Test

  1. Scenario Plugin logs should be generated without problems
    Given a new environment without plugin logs stored in the filesystem
    When the plugin starts
    Then the plugin log files should exist with some logs

  2. Scenario The PDF reports can be generated correctly - Modules without selected agent
    When the user exports to PDF a Dashboard. For example, Security events and no agent is selected
    Then the PDF should be generated correctly.
    And the logo should appear
    And the default header should appear
    And the default footer should appear
    And the visualizations and summary table should appear

  3. Scenario The PDF reports can be generated correctly - Modules with selected agent
    When the user exports to PDF a Dashboard. For example, Security events and any agent is selected
    Then the PDF should be generated correctly.
    And the logo should appear
    And the default header should appear
    And the default footer should appear
    And the visualizations and summary table should appear

  4. Scenario The PDF reports can be generated correctly - Agent configuration
    When the user exports to PDF an agent configuration
    Then the PDF should be generated correctly.
    And the logo should appear
    And the default header should appear
    And the default footer should appear
    And the data should appear

  5. Scenario The PDF reports can be generated correctly - Agent inventory
    When the user exports to PDF an agent configuration
    Then the PDF should be generated correctly.
    And the logo should appear
    And the default header should appear
    And the default footer should appear
    And the data should appear

  6. Scenario The PDF reports can be generated correctly - Group configuration
    When the user exports to PDF an agent configuration
    Then the PDF should be generated correctly.
    And the logo should appear
    And the default header should appear
    And the default footer should appear
    And the data should appear

Check List

  • All tests pass
    • yarn test:jest
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@Desvelao Desvelao added the type/security security issue label Dec 13, 2022
@Desvelao Desvelao requested a review from a team as a code owner December 13, 2022 14:38
@Desvelao Desvelao self-assigned this Dec 13, 2022
@Desvelao Desvelao linked an issue Dec 13, 2022 that may be closed by this pull request
@Desvelao Desvelao changed the title from "Fix dependency vulnerabilities" to "Fix vulnerabilities in dependencies" Dec 13, 2022
@github-actions

Code coverage (Jest) % values
Statements 8.65% ( 3193 / 36906 )
Branches 4.43% ( 1271 / 28632 )
Functions 7.54% ( 691 / 9157 )
Lines 8.71% ( 3080 / 35329 )

@chantal-kelm chantal-kelm self-requested a review December 15, 2022 11:55
@Desvelao

Changes

  • Upgrade dependency pdfmake to 0.2.6

chantal-kelm previously approved these changes Dec 15, 2022

@chantal-kelm chantal-kelm left a comment

CR: ✅
Test: ✅

@asteriscos asteriscos left a comment

CR: ✔️
Test: ✔️

Screenshots

Screenshot from 2022-12-19 16-06-40
Screenshot from 2022-12-19 16-07-22

@Desvelao Desvelao merged commit a33ba7e into 4.4-2.4-wzd Dec 20, 2022
@Desvelao Desvelao deleted the fix/4956-dependency-vulnerabilities branch December 20, 2022 07:51
@github-actions

The backport to 4.4-7.16 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-4.4-7.16 4.4-7.16
# Navigate to the new working tree
cd .worktrees/backport-4.4-7.16
# Create a new branch
git switch --create backport-4985-to-4.4-7.16
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 a33ba7e7c7cd0ad1446171c0e9b7ddb6cd72e394
# Push it to GitHub
git push --set-upstream origin backport-4985-to-4.4-7.16
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-4.4-7.16

Then, create a pull request where the base branch is 4.4-7.16 and the compare/head branch is backport-4985-to-4.4-7.16.

Desvelao added a commit that referenced this pull request Dec 20, 2022
* remove angular-chart

* winston dependency update (3.5.1)

* changelog: add PR entries

* dependency: upgrade dependency pdfmake to 0.2.6

* changelog: add the pull request entry

* test: updated test of reporting

Co-authored-by: yenienserrano <ian.serrano@wazuh.com>
Co-authored-by: Álex <alejandro.ruiz.becerra@wazuh.com>
(cherry picked from commit a33ba7e)
Desvelao added a commit that referenced this pull request Dec 20, 2022
Fix vulnerabilities in dependencies (#4985)

* remove angular-chart

* winston dependency update (3.5.1)

* changelog: add PR entries

* dependency: upgrade dependency pdfmake to 0.2.6

* changelog: add the pull request entry

* test: updated test of reporting

Co-authored-by: yenienserrano <ian.serrano@wazuh.com>
Co-authored-by: Álex <alejandro.ruiz.becerra@wazuh.com>
(cherry picked from commit a33ba7e)
Successfully merging this pull request may close these issues.

Update dependencies