Potential security vulnerabilities in Dashboard and Workspace-loader #13924

Closed
akurinnoy opened this issue Jul 19, 2019 · 2 comments
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.

@akurinnoy
Contributor

GitHub alerts for security issues in some of the dependencies in Dashboard and Workspace-loader. We need to bump up the versions of those dependencies.

Recommendations:

  • Upgrade handlebars to version 4.0.14 or later (high severity)
  • Upgrade lodash to version 4.17.13 or later (high severity)
  • Upgrade angular to version 1.6.0 or later (moderate severity)
@akurinnoy akurinnoy changed the title Potential security issues in Dashboard and Workspace-loader Potential security vulnerabilities in Dashboard and Workspace-loader Jul 19, 2019
@rhopp rhopp added the severity/P1 Has a major impact to usage or development of the system. label Jul 19, 2019
@rhopp rhopp added this to the 7.0.0 milestone Jul 19, 2019
@akurinnoy akurinnoy self-assigned this Jul 23, 2019
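
A way to confirm that the minimums recommended above hold for every installed copy, including transitive ones. This is an added example, not code from the issue or the project. It assumes an npm lockfile in the v1 layout (nested `dependencies` objects with a `version` field); the sample lockfile and the package names `some-build-tool` and `report-gen` are constructed for illustration.

```javascript
// Minimum versions taken from the recommendations in the issue.
const MINIMUMS = { handlebars: '4.0.14', lodash: '4.17.13', angular: '1.6.0' };

// Compare two x.y.z strings numerically; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile tree and collect every installed copy below its minimum.
// Entries whose version is not x.y.z (git or URL sources) are skipped.
function findOutdated(lock, minimums = MINIMUMS, path = []) {
  const findings = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    const here = [...path, name];
    const min = minimums[name];
    if (min && /^\d+\.\d+\.\d+/.test(entry.version) &&
        compareVersions(entry.version, min) < 0) {
      findings.push({ name, version: entry.version, minimum: min, path: here.join(' > ') });
    }
    // Nested copies are resolved separately from the top-level one.
    findings.push(...findOutdated(entry, minimums, here));
  }
  return findings;
}

// Constructed sample lockfile (not the project's real dependency tree).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    angular: { version: '1.4.8' },
    lodash: { version: '4.17.15' },
    handlebars: { version: '4.1.2' },
    'some-build-tool': { // hypothetical package
      version: '2.0.0',
      dependencies: {
        lodash: { version: '4.17.11' }, // older nested copy
        'report-gen': { version: '1.0.0', dependencies: { handlebars: { version: '4.0.14' } } }
      }
    }
  }
};

for (const f of findOutdated(sampleLock)) console.log(`${f.path}: ${f.version} < ${f.minimum}`);
```

A top-level bump alone leaves the nested `lodash` copy in the sample flagged, which is why the whole tree is walked rather than only the direct dependencies.
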
@akurinnoy
Contributor Author

@l0rd @slemeur

Angular 1.6.x brings a breaking change which affects Dashboard.
Changes in the bindings initialization mechanism break lots of directives and 82 unit tests as well.

Maybe the milestone should be revised for this issue?

@l0rd
Contributor

l0rd commented Jul 23, 2019

@akurinnoy setting to 7.1.0 cc @nickboldt

@l0rd l0rd modified the milestones: 7.0.0, 7.1.0 Jul 23, 2019
@l0rd l0rd added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Aug 29, 2019
@sunix sunix added the status/in-progress This issue has been taken by an engineer and is under active development. label Sep 4, 2019
@akurinnoy akurinnoy removed the status/in-progress This issue has been taken by an engineer and is under active development. label Sep 17, 2019