Security Review for Vega 5 and Vega-Lite JavaScript Libraries
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Bawolff
	May 8 2019, 4:24 PM

Description

There's a gsoc project to integrate Vega 5 and Vega-Lite into the Maps extension.

In addition to any custom shims, the library itself needs to be reviewed.

Note: That Vega v1 through v3 libraries have previously been reviewed - see T172938.

Related Objects

Mentioned Here: T172938: Security review new version of the Vega lib

Event Timeline

Bawolff created this task.May 8 2019, 4:24 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 8 2019, 4:24 PM

sbassett assigned this task to Bawolff.May 8 2019, 4:25 PM

sbassett triaged this task as Medium priority.

sbassett edited projects, added Security-Team-Review-Active; removed deprecated-security-team-reviews.

sbassett subscribed.

Yurik updated the task description. (Show Details)May 8 2019, 6:52 PM

Do we want a separate ticket for Vega-Lite? Vega-Lite can be thought of as an "add-on" converter library that simply converts one JSON into a different JSON, without any other functionality (e.g. no XHR calls, no UI, etc). This way users can use a much simpler language VegaLite, and it will be dynamically converted to a full Vega.

@Yurik - I think we can probably just include Vega-Lite on this task. I can update the title and description.

sbassett renamed this task from Security review for vega 5 to Security Review for Vega 5 and Vega-Lite JavaScript Libraries.May 8 2019, 9:03 PM

sbassett added projects: Maps, JavaScript.

sbassett updated the task description. (Show Details)

Review stalled, waiting on further updates from related GSoC project managed by @Yurik.

sbassett added a project: Upstream.Jun 11 2019, 5:15 PM

@sbassett sorry, unsure what you mean. Some code has already been completed -- https://github.com/nyurik/mw-graph-shared/commit/b97fd309897f701bd0db6b1d60635d0786d84887 -- making it possible to integrate the future v3+. The next step would be to create a patch for graphoid & graph ext using that shared code.

@Yurik - the Security-Team is just waiting on everything to be completed (basically ready for deployment) on your's/Vega's end before we complete any further review on our end.

sounds good, thanks @sbassett !

sbassett moved this task from In Progress (Min Weekly Updates) to Waiting On Response/Mitigation on the Security-Team-Review-Active board.Jun 25 2019, 5:15 PM

sbassett claimed this task.Jul 2 2019, 5:09 PM

sbassett edited subscribers, added: Reedy; removed: sbassett, Bawolff.

sbassett edited projects, added deprecated-security-team-reviews; removed Security-Team-Review-Active.Jul 9 2019, 6:18 PM

sbassett moved this task from Incoming to Waiting on the deprecated-security-team-reviews board.

Moving to frozen until it is clear that work will continue.

Hi @Yurik - will we be providing additional review for you or may I close this ticket? Please let us know, and thank you!

Jennifer

Thanks, closing for now, waiting for the Vega team and the students.

sbassett moved this task from Frozen to Done on the deprecated-security-team-reviews board.Aug 21 2019, 2:05 PM

Thank you for the quick reply @Yurik ! Please let us know when we are needed for additional review. Cheers.

• chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:19 PM

• chasemp added a project: Application Security Reviews.Jan 8 2020, 4:40 PM

• chasemp moved this task from Incoming to Our Part Is Done on the Application Security Reviews board.Jan 8 2020, 4:43 PM

• chasemp added a project: secscrum.Mar 10 2020, 8:11 PM

• chasemp moved this task from Incoming to Our Part Is Done on the secscrum board.Mar 10 2020, 8:19 PM

Security Review for Vega 5 and Vega-Lite JavaScript LibrariesClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Security Review for Vega 5 and Vega-Lite JavaScript Libraries
Closed, ResolvedPublic
Actions