department-of-veterans-affairs / va-mobile-app

"If VA were a company, it would have a flagship mobile app."
https://department-of-veterans-affairs.github.io/va-mobile-app/

CU - Resolve high severity Dependabot vulnerability alerts #8766

Open theodur opened 5 months ago

theodur commented 5 months ago

Proposed Change

Resolving high severity vulnerability alerts from Dependabot by upgrading the necessary packages.

Why Should We Prioritize?

High severity vulnerabilities can impact the security of the mobile app.

Coding Time Estimation

1

Testing Considerations

Checklist

theodur commented 5 months ago

All vulnerabilities can be resolved (PR) except for the ip vulnerability. There isn't a patch out for ip yet, so I'll keep this ticket open and mark it as externally blocked in the meantime.

TKDickson commented 1 month ago

@theodur it looks like there is a patch for IP stuff now. Do we still need it?

theodur commented 2 weeks ago

It looks like the IP vulnerability was resolved last month, so that one is all good. I noticed there are a few new high severity vulnerabilities that came up during the time this ticket was blocked. I'll keep this ticket open and remove the blocked label while I work on those as well.