Skip to content

Resolve #136: fix all dependabot issues marked critical #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
njbrunner merged 6 commits into from
Oct 30, 2024
Merged

Resolve #136: fix all dependabot issues marked critical #158

njbrunner merged 6 commits into from
Oct 30, 2024

Conversation

@njbrunner
Copy link
Contributor

@njbrunner njbrunner commented Oct 29, 2024

Addressed all critical security vulnerabilities.

Please test UI thoroughly

Changes

  • Removed crypto.js
  • Removed babel-eslint
  • Removed cbor
  • Upgraded @vue/cli-service to version 5.0.8
  • Upgraded @babel/traverse to version 7.25.9
  • Upgraded loader-utils to version 2.0.4
  • Upgraded @vue/cli-plugin-unit-mocha to version 5.0.8
  • Updated vue.config.js to support upgrade to @vue/cli-service@5.0.8
  • Updated yarn.lock files for server and public

Unrelated Extras:

  • Removed unnecessary circular dependency
  • Fixed adm template key issue causing compiling errors
  • Removed unused apiSendTBR method

Closes #136

@njbrunner njbrunner added this to the ANMS v1.2.0 milestone Oct 29, 2024
@njbrunner njbrunner self-assigned this Oct 29, 2024
@njbrunner njbrunner linked an issue Oct 29, 2024 that may be closed by this pull request
Fix all Dependabot issues marked "Critical" #136
Closed
6 tasks
BrianSipos
BrianSipos reviewed Oct 29, 2024
View reviewed changes
Copy link
Collaborator

@BrianSipos BrianSipos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to my eyes but I didn't try to deploy or run it.

d-linko
d-linko approved these changes Oct 29, 2024
View reviewed changes
Copy link
Contributor

@d-linko d-linko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was able to deploy and ui looked fine

@njbrunner njbrunner merged commit 4b23567 into main Oct 30, 2024
@njbrunner njbrunner deleted the 136-fix-all-dependabot-issues-marked-critical branch October 30, 2024 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BrianSipos BrianSipos BrianSipos left review comments

@d-linko d-linko d-linko approved these changes

Assignees

@njbrunner njbrunner

Labels

None yet

Projects

ANMS
Status: Done

Milestone

ANMS v2.0.0

Development

Successfully merging this pull request may close these issues.

Fix all Dependabot issues marked "Critical"

3 participants

@njbrunner @BrianSipos @d-linko