Merge branch 'main' into kw-new-report
kryswisnaskas authored Feb 19, 2021
2 parents 170dbb9 + 8a613cd commit 1beabe9
Showing 7 changed files with 20 additions and 11 deletions.
2 changes: 1 addition & 1 deletion docker-compose.test.yml
@@ -18,7 +18,7 @@ services:
build:
context: .
container_name: test-frontend
command: yarn start
command: bash
user: ${CURRENT_USER:-root}
stdin_open: true
volumes:
7 changes: 5 additions & 2 deletions frontend/package.json
@@ -29,7 +29,6 @@
"react-router-dom": "^5.2.0",
"react-router-hash-link": "^2.3.1",
"react-router-prop-types": "^1.0.5",
"react-scripts": "^3.4.4",
"react-select": "^3.1.0",
"react-stickynode": "^3.0.4",
"react-with-direction": "^1.3.1",
@@ -135,12 +134,16 @@
"jest-junit": "^11.1.0",
"mutationobserver-shim": "^0.3.7",
"node-fetch": "^2.6.1",
"react-scripts": "^3.4.4",
"react-select-event": "^5.1.0"
},
"jest": {
"coverageThreshold": {
"global": {
"branches": 90
"statements": 90,
"functions": 85,
"branches": 90,
"lines": 90
}
}
}
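Review bot: `react-scripts` now sits in what appears to be the `devDependencies` block (second hunk; the block's key is outside the hunk), so any step that installs with `yarn install --production` or with `NODE_ENV=production` set will no longer have the `react-scripts` binary. If the frontend bundle is built in such a stage, the build breaks; confirm that the image or CI build stage does a full install before `react-scripts build`. Note also that `yarn audit` as invoked in `frontend/run-yarn-audit.sh` still scans development dependencies, so the move by itself does not clear the `immer` advisory; `--groups dependencies` would be needed to audit production packages only.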
7 changes: 4 additions & 3 deletions frontend/run-yarn-audit.sh
100644 → 100755
@@ -6,7 +6,8 @@
set -u

set +e
output=$(yarn audit --level low --json)
cmd="yarn audit --level low --json"
output=$($cmd)
result=$?
set -e

@@ -30,10 +31,10 @@ echo fixes and they do not apply to production, you may ignore them
echo
echo To ignore these vulnerabilities, run:
echo
echo "yarn audit --json | grep auditAdvisory > yarn-audit-known-issues"
echo "$cmd | grep auditAdvisory > yarn-audit-known-issues"
echo
echo and commit the yarn-audit-known-issues file
echo
echo "$output" | grep auditAdvisory | python -mjson.tool

exit "$result"
exit "$result"
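Review bot: The printed remediation `echo "$cmd | grep auditAdvisory > yarn-audit-known-issues"` regenerates the whole allowlist from whatever the audit reports at that moment, so following it to accept one advisory also accepts every other advisory present, at any severity. A line after it such as `echo "Review the diff of yarn-audit-known-issues before committing; it should add only the advisory you assessed"` would make that explicit. Separately, `output=$($cmd)` depends on unquoted word splitting of a string; if the script runs under bash (the shebang is outside this hunk), `cmd=(yarn audit --level low --json)` with `output=$("${cmd[@]}")` and `"${cmd[*]}"` in the echo avoids that. The same lines appear in the root `run-yarn-audit.sh` section of this commit.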
2 changes: 1 addition & 1 deletion frontend/src/pages/ActivityReport/__tests__/index.js
@@ -72,7 +72,7 @@ describe('ActivityReport', () => {
const data = formData();
fetchMock.get('/api/activity-reports/1', data);
renderActivityReport('1', 'activity-summary', true);
await screen.findByRole('group', { name: 'Who was the activity for?' });
await screen.findByRole('group', { name: 'Who was the activity for?' }, { timeout: 4000 });
expect(await screen.findByTestId('alert')).toBeVisible();
});
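Review bot: The `{ timeout: 4000 }` passed to `findByRole` leaves little headroom under Jest's default 5 s per-test limit: this wait plus the following `findByTestId('alert')` (default 1000 ms) can consume the whole budget, so a real failure would surface as a generic Jest timeout instead of the Testing Library message naming the missing element. If the render is genuinely that slow, raise the test's own timeout as well by passing a third argument to the test call, e.g. `}, 10000);`, unless a larger `testTimeout` is already configured outside this page. The test body starts above the hunk.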

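--- a/frontend/yarn-audit-known-issues
+++ b/frontend/yarn-audit-known-issues
@@ -0,0 +1 @@
+{"type":"auditAdvisory","data":{"resolution":{"id":1603,"path":"react-scripts>react-dev-utils>immer","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.10.0","paths":["react-scripts>react-dev-utils>immer"]}],"id":1603,"created":"2021-02-19T18:18:20.058Z","updated":"2021-02-19T18:18:32.751Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"immer","cves":["CVE-2020-28477"],"vulnerable_versions":"<8.0.1","patched_versions":">=8.0.1","overview":"## Overview\n\nAffected versions of `immer` are vulnerable to Prototype Pollution.\n\n## Proof of exploit\n\n```\nconst {applyPatches, enablePatches} = require(\"immer\");\nenablePatches();\nlet obj = {};\nconsole.log(\"Before : \" + obj.polluted);\napplyPatches({}, [ { op: 'add', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\n// applyPatches({}, [ { op: 'replace', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\nconsole.log(\"After : \" + obj.polluted);\n```\n\n## Remediation\n\nVersion 8.0.1 contains a [fix](https://github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5) for this vulnerability, updating is recommended.","recommendation":"Upgrade to version 8.0.1 or later","references":"- [GitHub Advisory](https://github.com/advisories/GHSA-9qmh-276g-x5pj)\n","access":"public","severity":"high","cwe":"CWE-1321","metadata":{"module_type":"","exploitability":8,"affected_components":""},"url":"https://npmjs.com/advisories/1603"}}}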
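Review bot: This entry accepts a high-severity advisory (CVE-2020-28477, `immer` <8.0.1 via `react-scripts>react-dev-utils>immer`) without recording why it is acceptable or when it should be revisited, and the file format leaves no place for a comment. The rationale is presumably that `react-scripts` is build tooling, which the same commit moves out of the runtime dependency list, but the recorded resolution still says `"dev":false`; it is worth confirming what that field reflects and regenerating the entry after the move if it changes. A short note in the commit description or next to the audit script, naming the advisory and the condition for removing the exception (a `react-scripts` release that pulls `immer` >=8.0.1), would keep the exception from becoming permanent.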
5 changes: 4 additions & 1 deletion package.json
@@ -93,7 +93,10 @@
],
"coverageThreshold": {
"global": {
"branches": 75
"statements": 84,
"functions": 84,
"branches": 75,
"lines": 84
}
}
},
7 changes: 4 additions & 3 deletions run-yarn-audit.sh
@@ -6,7 +6,8 @@
set -u

set +e
output=$(yarn audit --level low --json)
cmd="yarn audit --level low --json"
output=$($cmd)
result=$?
set -e

@@ -30,10 +31,10 @@ echo fixes and they do not apply to production, you may ignore them
echo
echo To ignore these vulnerabilities, run:
echo
echo "yarn audit --json | grep auditAdvisory > yarn-audit-known-issues"
echo "$cmd | grep auditAdvisory > yarn-audit-known-issues"
echo
echo and commit the yarn-audit-known-issues file
echo
echo "$output" | grep auditAdvisory | python -mjson.tool

exit "$result"
exit "$result"
