search

nasa / earthdata-search

Earthdata Search is a web application developed by NASA EOSDIS to enable data discovery, search, comparison, visualization, and access across EOSDIS' Earth Science data holdings.
https://search.earthdata.nasa.gov
Other
743 stars 221 forks source link

EDSC-4228: upgrade packages with npm audit fix #1795

Closed rushgeo closed 1 month ago

rushgeo commented 1 month ago

Overview

What is the feature?

Fixes the following vulnerabilities identified in EDSC:

What is the Solution?

Upgraded the package versions for elliptic, braces, and browserify-sign. All of these are required by other packages that have not updated their dependencies to reference updated versions yet.

Then, I manually upgraded several AWS packages identified by npm audit so that we could identify which were resulting in the largest changes in package-lock.json. Finally, ran npm audit fix for the remaining packages.

What areas of the application does this impact?

Cryptography, brace expansion, AWS API clients via XML parsing library.

Testing

Do regression testing following the EDSC regression test guide.

Checklist

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 93.31%. Comparing base (08063c9) to head (d1d6a69). Report is 1 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1795 +/- ## ========================================== - Coverage 93.32% 93.31% -0.02% ========================================== Files 755 755 Lines 18245 18245 Branches 4712 4703 -9 ========================================== - Hits 17028 17026 -2 - Misses 1133 1135 +2 Partials 84 84 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.