Kahuna npm upgrades - Githubissues

guardian / grid

The Guardian’s image management system

https://www.theguardian.com/info/developer-blog/2015/aug/12/open-sourcing-grid-image-service

Apache License 2.0

1.43k stars 119 forks source link

Kahuna npm upgrades #4289

Closed dblatcher closed 1 week ago

dblatcher commented 2 weeks ago

What does this change?

Fixes a high vulnerability in Kahuna (jszip - version bump)

updates dependencies in dev/script/generate-config

How should a reviewer test this change?

on main, running npm audit --omit=dev in /kahanua will show the vulenerability: "jszip <3.8.0 Severity: high" On this branch, issue is resolved

Grid client app will still work.

Tested? Documented?

[x] locally by committer
[ ] locally by Guardian reviewer
[ ] on the Guardian's TEST environment
[ ] relevant documentation added or amended (if needed)

github-actions[bot] commented 2 weeks ago

- [Deploy build 12553 to TEST](https://riffraff.gutools.co.uk/deployment/deployAgain?project=media-service%3A%3Agrid%3A%3Aall&build=12553&stage=TEST&updateStrategy=MostlyHarmless&action=deploy) - [Deploy parts of build 12553 to TEST by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=media-service%3A%3Agrid%3A%3Aall&build=12553&stage=TEST&updateStrategy=MostlyHarmless)

From guardian/actions-riff-raff.

prout-bot commented 1 week ago

Seen on auth, usage, image-loader, metadata-editor, thrall, leases, cropper, collections, media-api, kahuna (merged by @dblatcher 8 minutes and 51 seconds ago) Please check your changes!