Update expressjs/body-parser in docroot/designsystem for cms and cms-test #19336

Open
3 tasks
edmund-dunn opened this issue Sep 26, 2024 · 2 comments
Labels: CMS Team (CMS Product team that manages both editor exp and devops), security (Dependabot: Pull requests that address a security vulnerability)


edmund-dunn commented Sep 26, 2024

User Story or Problem Statement

According to https://github.com/advisories/GHSA-qwcr-r2fm-qrc7/dependabot?query=user:department-of-veterans-affairs, there is a recent vulnerability in expressjs/body-parser. We need to update to >=v4.20.

For cms and cms-test this is only an issue for storybook. Storybook has not been updated yet, but an issue exists.

Description or Additional Context

Waiting for this PR to be merged for storybook

Steps for Implementation

  • Update dependencies in docroot/design-system/package.json
  • Ensure expressjs/body-parser is >= v4.20

Acceptance Criteria

  • design-system dependencies updated
  • design-system correctly compiles and runs
  • merge changes into cms-test repo
@edmund-dunn edmund-dunn added the Needs refining Issue status label Sep 26, 2024
@edmund-dunn edmund-dunn self-assigned this Sep 26, 2024
@edmund-dunn edmund-dunn added the CMS Team CMS Product team that manages both editor exp and devops label Sep 26, 2024

edmund-dunn commented Sep 26, 2024

@gracekretschmer-metrostar this needs to be done soonish: https://dsva.slack.com/archives/CT4GZBM8F/p1727364013031559
We will need to wait, though, until Storybook releases an update.

@gracekretschmer-metrostar gracekretschmer-metrostar added security Dependabot: Pull requests that address a security vulnerability and removed Needs refining Issue status labels Oct 15, 2024

gracekretschmer-metrostar commented Oct 15, 2024

Per @edmund-dunn: we have a dependency on the team managing Storybook to merge this PR before we can do this work. Marked as blocked, and we will touch base on the ticket before each new sprint.
