Maniphest T203749

marvin: critical severity security vulnerability detected in macaddress < 0.2.9 defined in package-lock.json.
Closed, DeclinedPublic
Actions

Assigned To

None

Authored By

	hashar
	Sep 7 2018, 7:39 AM

Description

From Github:

Known critical severity security vulnerability detected in macaddress < 0.2.9 defined in package-lock.json.
package-lock.json update suggested: macaddress ~> 0.2.9.

Related Objects

Mentioned In: T173331: Inform PCS development efforts
T173317: Initial version of article rendering
T177464: Submit an RFC and discuss it with TechCom
T176958: Display article content within article namespace
T175806: Implement grid & responsive system
T176961: EOQ1 house cleaning
T176962: Upstreaming efforts
T176959: Display proper section collapsing within article namespace
T177000: Create generic Error Page template
T176980: Article namespace must display last edited information
T177006: Optimize the size of the SVG en-wordmark
T177004: Page switching interaction
T177010: Improve style guide structure
T177057: Clarify production deployment requirements, outline and blockers
T177058: Set up performance tooling & dashboards
T177222: Add Link component tests
T177503: Add WithContext tests
T179381: Add NPM dependency security audit CI job
T177531: Review and update documentation
T177681: Page URL should update on redirect
T178403: Gather information about devices, network speeds to run tests about
T178407: Define navigation scenarios to test and measure
T179433: Add image lazy loading
T179489: Add support for page transitions
T179437: Split page library output by transform
T179493: Add immediate, short, long, and failure page transitions
T183152: Use Wikimedia standards for linting and formatting CSS files
T184954: Scroll offset is wrong for URL fragments visited from the Marvin client
T158902: Test Performance of Marvin (SSR CapEX)
T205170: Archive marvin
Mentioned Here: T205170: Archive marvin

Event Timeline

hashar created this task.Sep 7 2018, 7:39 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 7 2018, 7:39 AM

hashar added a project: Marvin.Sep 7 2018, 7:40 AM

hashar added subscribers: • Sniedzielski, • Jhernandez.

I don't think marvin is being actively developed / maintained, and would recommend archiving it.

@Sniedzielski -> @Niedzielski

It seems Stephen and Joaquin did the last patches on marvin.git, the last ones being from ~ January 2018. Is Marvin still a thing or should we look at archiving the git repository / phabricator project etc?

Yes, the project is stalled for the foreseeable future and should be archived. I've updated the project description in Phabricator.

In T203749#4605708, @Niedzielski wrote:

Yes, the project is stalled for the foreseeable future and should be archived. I've updated the project description in Phabricator.

Will someone update https://www.mediawiki.org/wiki/Reading/Web/Projects/NewMobileWebsite ? Like {{Historical}} or such?