Closed ParisaTork closed 1 year ago
This looks good to me, but I see that the last deploy to CODE failed. I'm happy to +1 once you've tested it in CODE.
Changing tack in light of recent patches made to TR (#234, #235).
@ParisaTork, should we close this PR, or perhaps refine it to narrow down the list of things we're updating? Some of these still look relevant. Very happy to pick this up going forward if needed.
I've rebased and deployed to CODE, and all looks well – tested refreshing rules in manager, and running a check in checker.
What does this change?
Resolves high Snyk vulnerabilities in TR
Before:
After (Minus 2 since com.fasterxml.jackson.core:jackson-databind and com.fasterxml.jackson.dataformat:jackson-dataformat-cbor will be resolved):
The only remaining vulnerability is com.squareup.okhttp3:okhttp from com.gu:content-api-client-default_2.13, which contains CVEs in all its releases.
Link to old report: https://app.snyk.io/org/guardian/project/8ecf100e-b5f7-43e5-bbaa-c28fcd28eb7a/history/aa7c7207-e4ba-4171-8a10-3a9abd0ff883
Link to new report: https://app.snyk.io/org/guardian/project/8ecf100e-b5f7-43e5-bbaa-c28fcd28eb7a/history/c3017eca-b17a-4035-88f0-e7a02aa46b43
How to test
Deploy to CODE and check the app/logs are all okay.