
Address Vulnerability Alerts in FOM Repository #712

Closed
craigyu opened this issue Dec 10, 2024 · 2 comments
Labels
dependencies Pull requests that update a dependency file

Comments


craigyu commented Dec 10, 2024

Description

The following vulnerability alerts need to be addressed in the FAM repository:

  1. PRs opened by Renovate

    • Note: Renovate PRs might trickle in as we merge updates. Any new ones should also be addressed promptly.
  2. Code scanning alerts

    • Review and resolve issues identified by GitHub code scanning.
  3. Dependabot alerts

    • Update dependencies to address flagged vulnerabilities.

Acceptance Criteria

  • All updates and fixes are thoroughly tested to ensure no existing features are broken.
  • Vulnerabilities are addressed in order of priority:
    • High severity
    • Moderate severity
    • Low severity
  • Any new Renovate PRs that appear during this process are addressed and merged appropriately.
@gormless87 gormless87 added the dependencies Pull requests that update a dependency file label Dec 10, 2024
ianliuwk1019 added a commit that referenced this issue Jan 8, 2025
* Update typescript to 5.1.6

* temp: Upgrade angular/cli and angular/core to 16

* temp: upgrade angular material

* temp: upgrade @angular-eslint

* temp: upgrade ng-bootstrap and angular-fontawesome

* angular core/cli upgrade to 16 for admin

* upgrade angular material/cdk to 16 at admin; remove commonjs

* Upgrade angular-fontawesome and ng-bootstrap

* Update typescript and zonejs before angular 17 upgrade.

* update angular core/cli to 17

* Update angular common and various packages to 17

* upgrade angular cdk to 17

* upgrade angular material to 17

* upgrade angular-eslint to 17

* Update ng-bootstrap and ngx-bootstrap

* upgrade libs for angular

* upgrade typescript and zone.js before angular upgrade

* upgrade various angular packages to 17

* Remove non-existent NgbNavbar

* @angular-eslint upgrade and some styling adjustment.

* Fix matBadge off issue after angular 17 migration.

* Replace moment with luxon for public

* Add 'luxon' before replacing moment. Refactor some constants. Replacing moment from fom-add-edit component with luxon.

* Replace moment with luxon for interaction component.

* Replace moment with luxon for public notice edit component.

* Replace moment with luxon for fom-detail component.

* Remove moment from admin package.

* Replace lodash debounce with remeda funnel

* Replace lodash with remeda for public-notice component.

* Remove lodash from details-panel component

* Replace lodash with remeda

* Replace isNil with isNullish from remeda for public

* upgrade remeda version at admin and replace lodash isNil to isNullish from remeda.

* Replace lodash with remeda

* Replace file-saver with file-saver-es es module lib

* add allowedCommonJsDependencies to ignore common js warning for only on (leaflet, leaflet.markercluster and object-hash).

* Remove ngx-dropzone and its unused component.

* Replace file-saver with file-saver-es at admin

* Use allowedCommonJsDependencies to ignore only leaflet.

* Minor upgrade aws-amplify version

* Add comment to a confusing date field.
@ianliuwk1019

In addition to this ticket, these two are also completed: #731 (upgrade Angular to v17) and #736 (upgrade aws-amplify to v6), and one is pending for the future (but will not be in this sprint): #732 (upgrade Angular to v18).

FOM security vulnerabilities are now down to 5, and all other PRs created by "renovate" can be ignored now because they will depend on the Angular 18 upgrade. Can close this ticket now.

@ianliuwk1019

Addressing vulnerability fixes was done and merged. The pipeline deployed this to the TEST environment.
However, this still needs to be tested in the TEST environment and then deployed to PROD manually (the pipeline workflow has also changed).
