Update npm dependencies of Tainted References
Closed, ResolvedPublic3 Estimated Story Points
Actions

Assigned To

Authored By

	WMDE-leszek
	Jan 27 2020, 3:13 PM

Description

Before launching on wikidata.org (Feb 3rd), check what npm audit outputs.
Severe security issues should be fixed before proceeding with the release on the wikidata.org

Reporting on 2020-01-2
68 low, 10 moderate, 4 high

Acceptance criteria:

npm audit does not report high-priority security issues

Details

	Subject	Repo	Branch	Lines +/-
	Update npm dependencies of Tainted References	mediawiki/extensions/Wikibase	master	+123 -30

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T243396 Security updates
		Resolved		Rosalie_WMDE	T243771 Update npm dependencies of Tainted References

Event Timeline

WMDE-leszek created this task.Jan 27 2020, 3:13 PM

WMDE-leszek updated the task description. (Show Details)

WMDE-leszek updated the task description. (Show Details)Jan 27 2020, 3:15 PM

WMDE-leszek set the point value for this task to 3.

WMDE-leszek moved this task from Backlog to Ready to estimate on the Wikidata Tainted References board.

Tarrow moved this task from Ready to estimate to Ready to pick up on the Wikidata Tainted References board.Jan 28 2020, 10:52 AM

Rosalie_WMDE edited projects, added Wikidata-Tainted-References-Sprint9; removed Wikidata Tainted References.Jan 30 2020, 2:00 PM

Rosalie_WMDE claimed this task.Jan 30 2020, 4:00 PM

Rosalie_WMDE moved this task from To Do to Doing on the Wikidata-Tainted-References-Sprint9 board.

Change 569024 had a related patch set uploaded (by Rosalie Perside (WMDE); owner: Rosalie Perside (WMDE)):
[mediawiki/extensions/Wikibase@master] Update npm dependencies of Tainted References

https://gerrit.wikimedia.org/r/569024

gerritbot added a project: Patch-For-Review.Jan 30 2020, 4:34 PM

Rosalie_WMDE moved this task from Doing to Peer Review on the Wikidata-Tainted-References-Sprint9 board.Jan 30 2020, 4:34 PM

Change 569024 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] Update npm dependencies of Tainted References

https://gerrit.wikimedia.org/r/569024

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.18; 2020-02-04).Jan 30 2020, 8:01 PM

Maintenance_bot removed a project: Patch-For-Review.Jan 30 2020, 8:10 PM

hoo moved this task from Peer Review to Test (Product Review) on the Wikidata-Tainted-References-Sprint9 board.Jan 30 2020, 9:06 PM

After the change npm audit outputs:

found 65 vulnerabilities (64 low, 1 moderate) in 89827 scanned packages
  64 vulnerabilities require semver-major dependency updates.
  1 vulnerability requires manual review. See the full report for details.

Seems good enough for now. Thanks!
Updating @vue/cli-service at some point wouldn't hurt. But this is to be addressed later.

WMDE-leszek closed this task as Resolved.Feb 10 2020, 9:35 AM

Update npm dependencies of Tainted ReferencesClosed, ResolvedPublic3 Estimated Story PointsActions

Description

Details

Related ObjectsSearch...

Event Timeline

Update npm dependencies of Tainted References
Closed, ResolvedPublic3 Estimated Story Points
Actions

Related Objects
Search...