cedardevs / onestop

OneStop is a data discovery system being built by CIRES researchers on a grant from the NOAA National Centers for Environmental Information. We welcome contributions from the community!
GNU General Public License v2.0

Made Search's war task disabled by default, enabling via env var of e… #1534

Closed erinreeves closed 1 year ago

erinreeves commented 1 year ago

…nableSearchWar. Can do on CLI -DenableSearchWar=true

kenhtanaka commented 1 year ago

I tried building this locally, but there was an issue with the client:retire JavaScript security checks.

> Task :client:retire

> onestop-client@2.4.2 retire
> retire -p

retire.js v3.0.7
Downloading https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json ...
Downloading https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json ...
/Users/ktanaka/src/github/cedardevs/onestop/client/build/webpack/main-2cf2901766779afcc345.bundle.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/moment.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/dist/moment.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/min/moment-with-locales.min.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/min/moment.min.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
/Users/ktanaka/src/github/cedardevs/onestop/client/node_modules/moment/src/moment.js
 ↳ moment.js 2.29.3
moment.js 2.29.3 has known vulnerabilities: severity: high; summary: Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4, CVE: CVE-2022-31129; https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
DEPRECATION NOTICE: The node scanning is deprecated and will be removed soon. See https://github.com/RetireJS/retire.js/wiki/Deprecating-the-node.js-scanner 

> Task :client:retire FAILED

I can merge and then resolve this separately, or we can work on fixing CVE-2022-31129 first.

codecov[bot] commented 1 year ago

Codecov Report

Merging #1534 (d15d188) into master (0ce5bbc) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #1534   +/-   ##
=========================================
  Coverage     56.13%   56.13%           
  Complexity      788      788           
=========================================
  Files           347      347           
  Lines         10295    10295           
  Branches       1167     1167           
=========================================
  Hits           5779     5779           
  Misses         4043     4043           
  Partials        473      473           
