Closed karakuz closed 1 month ago
According to `package-lock.json`, `@siemens/ix-aggrid` is `peerDependent` to aggrid for versions `^28 || ^29 || ^30`, and ag-grid packages are vulnerable to Prototype Pollution for versions < 32.0.1.
We cannot deploy changes because we have a vulnerability scanner in our pipelines. We are using `npm ci` while building:
```
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @siemens/ix-aggrid@2.1.6
npm ERR! Found: ag-grid-community@32.1.0
npm ERR! node_modules/ag-grid-community
npm ERR!   ag-grid-community@"^32.1.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer ag-grid-community@"^28 || ^29 || ^30" from @siemens/ix-aggrid@2.1.6
npm ERR! node_modules/@siemens/ix-aggrid
npm ERR!   @siemens/ix-aggrid@"^2.1.3" from the root project
```

```json
"node_modules/@siemens/ix-aggrid": {
  "version": "2.1.6",
  "resolved": "https://registry.npmjs.org/@siemens/ix-aggrid/-/ix-aggrid-2.1.6.tgz",
  "integrity": "sha512-Jo/XmPbhlcZIf1EuQ/h8+HpQX27JWbb+e9Y5QsYNNU9TbTEZoOkKKx3jhZqHne0whm442Cs6ByRWBR2x3As3qw==",
  "dependencies": {
    "@siemens/ix": "~2.4.1"
  },
  "peerDependencies": {
    "ag-grid-community": "^28 || ^29 || ^30"
  }
}
```
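What type of frontend framework are you seeing the problem on?
JavaScript

Which version of iX do you use?
2.4.1

Code to produce this issue.
Please check above.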
The dependency update is already tracked via https://github.com/siemens/ix/issues/1131. I will close this issue here.
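
The conflict reported above can be found in a lockfile before `npm ci` or the scanner fails the build. The following is an added example, not code from iX or ag-grid: it lists every lockfile entry whose peer range on a package excludes all releases at or above a fixed version. The function names and the sample lockfile are constructed for illustration, and `32.0.1` is the fixed version named in the report.

```javascript
// Added example (not iX or ag-grid code). Supports only "^X[.Y[.Z]]" alternatives
// joined by "||" with a major version >= 1; it is not a full semver implementation.
// `fixed` is assumed to be a full X.Y.Z version.

// Constructed lockfile, reusing the entry and root requirements quoted in the issue.
const sampleLock = {
  packages: {
    "": { dependencies: { "ag-grid-community": "^32.1.0", "@siemens/ix-aggrid": "^2.1.3" } },
    "node_modules/ag-grid-community": { version: "32.1.0" },
    "node_modules/@siemens/ix-aggrid": {
      version: "2.1.6",
      peerDependencies: { "ag-grid-community": "^28 || ^29 || ^30" },
    },
  },
};

const parse = (v) => v.split(".").map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// True if at least one alternative of `range` admits a version >= `fixed`.
// "^X.Y.Z" means >= X.Y.Z and < (X+1).0.0, so it reaches `fixed` only when
// its exclusive upper bound lies above `fixed`.
function rangeAdmitsFixed(range, fixed) {
  return range.split("||").some((alt) => {
    const m = /^\^([1-9]\d*)(\.\d+){0,2}$/.exec(alt.trim());
    if (!m) throw new Error(`unsupported range: ${alt.trim()}`);
    return cmp([Number(m[1]) + 1, 0, 0], parse(fixed)) > 0;
  });
}

// List lockfile entries whose peer range on `pkg` excludes every fixed release.
function findBlockingPeers(lock, pkg, fixed) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const range = (entry.peerDependencies || {})[pkg];
    if (range && !rangeAdmitsFixed(range, fixed)) {
      hits.push({ path, version: entry.version, range });
    }
  }
  return hits;
}

console.log(findBlockingPeers(sampleLock, "ag-grid-community", "32.0.1"));
```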