Page MenuHomePhabricator
Create Task
Maniphest T218980

Fix npm audit warnings
Closed, ResolvedPublic
Actions

Description

One audit warning is already fixed by https://gerrit.wikimedia.org/r/c/wikibase/termbox/+/498320

There are 66 remaining audit warnings, for
https://www.npmjs.com/advisories/577 1x
https://www.npmjs.com/advisories/782 1x
https://www.npmjs.com/advisories/786 64x

The persistent 64 warnings ("Low") can be attributed to two of our
direct dependencies awaiting an update - following these two tickets
should give us good indication when this is resolved
https://github.com/vuejs/vue-cli/issues/3497
https://github.com/wikimedia/stylelint-config-wikimedia/issues/88

The remaining two warnings (1 "Low" & 1 "Moderate") are both caused through
service-runner and eventually kad depending on the v3 major of lodash.
Something we could get involved with should this not be addressed by the
responsible team soon: https://github.com/wikimedia/kad/

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
npm: updatewikibase/termboxmaster+730 -296
npm: updatewikibase/termboxmaster+1 K -432
npm: fix audit warningwikibase/termboxmaster+3 -3
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT218980 Fix npm audit warnings
 OpenNoneT218979 NPM Audit: get fixed braces version in direct deps

Event Timeline

Tarrow created this task.Mar 22 2019, 9:09 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 22 2019, 9:09 AM
Tarrow added a subtask: T218979: NPM Audit: get fixed braces version in direct deps.Mar 22 2019, 9:11 AM
gerritbot added a comment.Mar 22 2019, 9:12 AM

Change 498320 had a related patch set uploaded (by Tarrow; owner: Pablo Grass (WMDE)):
[wikibase/termbox@master] npm: fix audit warning

https://gerrit.wikimedia.org/r/498320

gerritbot added a project: Patch-For-Review.Mar 22 2019, 9:12 AM
gerritbot added a comment.Mar 22 2019, 9:15 AM

Change 498320 merged by jenkins-bot:
[wikibase/termbox@master] npm: fix audit warning

https://gerrit.wikimedia.org/r/498320

gerritbot added a comment.Apr 12 2019, 7:32 AM

Change 503263 had a related patch set uploaded (by Pablo Grass (WMDE); owner: Pablo Grass (WMDE)):
[wikibase/termbox@master] npm: update

https://gerrit.wikimedia.org/r/503263

gerritbot added a comment.Apr 15 2019, 10:00 AM

Change 503263 merged by jenkins-bot:
[wikibase/termbox@master] npm: update

https://gerrit.wikimedia.org/r/503263

gerritbot added a comment.Apr 25 2019, 8:31 AM

Change 506359 had a related patch set uploaded (by Pablo Grass (WMDE); owner: Pablo Grass (WMDE)):
[wikibase/termbox@master] npm: update

https://gerrit.wikimedia.org/r/506359

gerritbot added a comment.Apr 25 2019, 9:13 AM

Change 506359 merged by jenkins-bot:
[wikibase/termbox@master] npm: update

https://gerrit.wikimedia.org/r/506359

WMDE-leszek mentioned this in T216419: Security review - Wikibase Termbox Front End.Apr 26 2019, 11:15 AM
Lydia_Pintscher added a project: Wikidata.Jul 11 2019, 12:23 PM
Umherirrender closed this task as Resolved.Apr 5 2022, 7:36 PM
Umherirrender removed a project: Patch-For-Review.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits