Closed erinreeves closed 1 year ago
I tried building this locally, but there was an issue with client:retire javascript security checks.
> Task :client:retire
> onestop-client@2.4.2 retire
> retire -p
retire.js v3.0.7
Downloading https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json ...
Downloading https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json ...
/Users/ktanaka/src/github/cedardevs/onestop/client/build/webpack/main-2cf2901766779afcc345.bundle.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/moment.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/dist/moment.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/min/moment-with-locales.min.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/min/moment.min.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/src/moment.js
↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
DEPRECATION NOTICE: The node scanning is deprecated and will be removed soon. See https://github.com/RetireJS/retire.js/wiki/Deprecating-the-node.js-scanner
> Task :client:retire FAILED
I can merge and then resolve this separately or we can work on fixing the CVE-2022-31129 first.
Merging #1534 (d15d188) into master (0ce5bbc) will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## master #1534 +/- ##
=========================================
Coverage 56.13% 56.13%
Complexity 788 788
=========================================
Files 347 347
Lines 10295 10295
Branches 1167 1167
=========================================
Hits 5779 5779
Misses 4043 4043
Partials 473 473
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
…nableSearchWar. Can do on CLI -DenableSearchWar=true