mmisw / orr-portal

ORR Frontend component
Apache License 2.0

[Snyk] Fix for 10 vulnerable dependencies #139

Closed snyk-bot closed 5 years ago

snyk-bot commented 5 years ago

Description

This PR fixes one or more vulnerable packages in the npm dependencies of this project. See the Snyk test report for more details.

Snyk Project: mmisw/orr-portal:package.json

Snyk Organization: mmisw

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

You can read more about Snyk's upgrade and patch logic in Snyk's documentation.

Check the changes in this PR to ensure they won't cause issues with your project.

Stay secure, The Snyk team

Note: You are seeing this because you or someone else with access to this repository has authorised Snyk to open Fix PRs. To review the settings for this Snyk project please go to the project settings page.

lewismc commented 5 years ago

@carueda how did you determine whether there was any deprecation last time around?

carueda commented 5 years ago

@lewismc I'm not remembering with all precision, but I think I first saw a notification from Snyk, which I enabled a couple of months ago, and then from GitHub itself.

BTW, I'll give this PR a try and report here.

carueda commented 5 years ago

I'm testing this branch locally, and against mmisw's ORR to avoid complication with the recent issues noted with the COR instance.

Some testing is looking good so far, except that the angular-ui-grid used for displaying ontology contents is not showing at all! (However, the main ontology table, which also uses that component, is working just fine; in fact, #125 would be fixed.)

Also, I'm noting these "transition superseded" errors while navigating routes:

image

In this case, upgrading the old version of angular-ui-router from the old 0.2.18 to 1.0.22 (the latest at this point) seems to get rid of those errors. I'll push this upgrade as well while we are able to test more and in particular to determine how to fix the missing triple table for ontology contents.

carueda commented 5 years ago

@lewismc would be good if you could also test this branch locally, to agree on what is and what's not working.

carueda commented 5 years ago

Investigating the missing table issue, looks like this is what's basically happening: https://stackoverflow.com/questions/42426006/angularjs-upgrade-1-5-to-1-6-1-7-makes-directive-scope-bindings-undefined

I noted the strange undefined bindings while tracing the dispatch of ontology contents for CF:

image

Those log lines I added locally are in rj-viewer.js:

image

Note: basically two "misbehaviors" caused by breaking changes in angular are exposed here:

So, the "obvious" solution is simply to properly migrate from angular 1.4 to 1.6, which as far as I can tell now, will require some significant effort.