
WRR-21446: Updated package dependencies to fix vulnerabilities #107

Merged
merged 5 commits into from
Apr 8, 2025

Conversation

daniel-stoian-lgp

@daniel-stoian-lgp daniel-stoian-lgp commented Mar 31, 2025

Checklist

  • I have read and understand the contribution guide
  • A CHANGELOG entry is included
  • At least one test case is included for this feature or bug fix
  • I have run automated testing and it is passed
  • Documentation was added or is not needed
  • This is an API breaking change

Issue Resolved / Feature Added

There were high vulnerabilities

@babel/helpers <7.26.10
Severity: moderate
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - GHSA-968p-4wvh-cqc8
fix available via npm audit fix
node_modules/@babel/helpers

axios <1.8.2
Severity: high
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - GHSA-jr5f-v2jv-69x6
fix available via npm audit fix
node_modules/axios

Resolution

  1. Updated package minor dependencies to fix vulnerabilities
  2. Updated puppeteer and puppeteer-core to the latest major version. There were no breaking changes affecting our code: https://github.com/puppeteer/puppeteer/releases/tag/puppeteer-core-v24.0.0 https://github.com/puppeteer/puppeteer/releases/tag/puppeteer-v24.0.0
  3. Updated react-router-dom to the latest major version. There are no code-related breaking changes, only dependency-related ones (node >20, react >18, react-dom >18): https://reactrouter.com/upgrading/v6

Additional Considerations

I had to modify the source for images in OverallView to a faster source. The previous source took too long to load all images and it caused timeout issues in Jest.

Links

WRR-21446

Comments

Enact-DCO-1.0-Signed-off-by: Daniel Stoian ([email protected])
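The description above pastes `npm audit` output and resolves it by hand. A CI gate that fails the build on findings at or above a chosen severity is the usual way to keep this from regressing. The script below is an added example, not code from this PR or the repository: it parses the JSON shape emitted by `npm audit --json` (assumed here to be the npm v7+ `auditReportVersion: 2` format, where `fixAvailable` is either a boolean or an object carrying `isSemVerMajor`) and reports which packages block the build and whether the fix needs a major-version bump. The sample report is constructed from the two advisories quoted in the description; the function and variable names are this example's own.

```javascript
// Added example (not part of the PR): CI gate over `npm audit --json` output.
// Assumption: npm v7+ report format (auditReportVersion 2). Run as
//   npm audit --json | node audit-gate.js
// after replacing SAMPLE_AUDIT_REPORT with JSON.parse(stdin) in your own pipeline.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample, shaped like the report npm emits; the two entries mirror
// the advisories quoted in the PR description.
const SAMPLE_AUDIT_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    '@babel/helpers': {
      name: '@babel/helpers',
      severity: 'moderate',
      range: '<7.26.10',
      fixAvailable: true,
      via: [{
        title: 'Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups',
        url: 'https://github.com/advisories/GHSA-968p-4wvh-cqc8',
        severity: 'moderate',
      }],
    },
    axios: {
      name: 'axios',
      severity: 'high',
      range: '<1.8.2',
      // Assumed object form: npm uses this when the fix crosses a major version.
      fixAvailable: { name: 'axios', version: '1.8.2', isSemVerMajor: false },
      via: [{
        title: 'axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL',
        url: 'https://github.com/advisories/GHSA-jr5f-v2jv-69x6',
        severity: 'high',
      }],
    },
  },
};

// Return every vulnerable package at or above `minSeverity`, highest severity first.
// `via` entries are either advisory objects (with a URL) or plain strings naming the
// dependency through which the vulnerability is inherited; only objects carry an id.
function findBlockingVulnerabilities(report, minSeverity = 'high') {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);

  const blocking = [];
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    const rank = SEVERITY_RANK[vuln.severity] ?? -1;
    if (rank < threshold) continue;

    const advisories = (vuln.via || [])
      .filter((v) => typeof v === 'object' && v !== null && typeof v.url === 'string')
      .map((v) => v.url.split('/').pop()); // the GHSA id is the last path segment

    const fix = vuln.fixAvailable;
    blocking.push({
      name: vuln.name,
      severity: vuln.severity,
      range: vuln.range,
      fixAvailable: Boolean(fix),
      // A semver-major fix will not be applied by a plain `npm audit fix`.
      needsMajorUpgrade: typeof fix === 'object' && fix !== null && fix.isSemVerMajor === true,
      advisories,
    });
  }
  return blocking.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Exit code for the pipeline step: 0 when nothing at/above the threshold remains, 1 otherwise.
function auditExitCode(report, minSeverity = 'high') {
  return findBlockingVulnerabilities(report, minSeverity).length === 0 ? 0 : 1;
}

// Human-readable summary line per blocking package.
function formatFindings(findings) {
  return findings.map((f) =>
    `${f.severity.toUpperCase()} ${f.name} ${f.range} [${f.advisories.join(', ')}]` +
    (f.fixAvailable ? (f.needsMajorUpgrade ? ' fix: major upgrade' : ' fix: npm audit fix') : ' no fix'));
}

// Demonstration on the constructed sample at the PR's threshold of "high".
for (const line of formatFindings(findBlockingVulnerabilities(SAMPLE_AUDIT_REPORT, 'high'))) {
  console.log(line);
}
console.log(`exit code: ${auditExitCode(SAMPLE_AUDIT_REPORT, 'high')}`);
```

`npm audit --audit-level=high` already returns a non-zero exit status on its own when findings at or above that level exist; the value of a small wrapper like this one is the `needsMajorUpgrade` flag, which separates what `npm audit fix` will handle from what needs a deliberate major bump and a regression run, as this PR had to do for puppeteer and react-router-dom.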


@ion-andrusciac-lgp ion-andrusciac-lgp left a comment


LGTM 👍


@hong6316 hong6316 left a comment


👍

@hong6316 hong6316 merged commit 234cae6 into develop Apr 8, 2025
daniel-stoian-lgp added a commit that referenced this pull request Apr 8, 2025
* WRQ-8596: Adapt performanceMetrics app for Agate performance tests (#81)

* added performance tests for agate components

* code review fixes

* Adapted performanceMetrics app for Agate test results

* code review fixes

* fixed urls for performanceMetrics

* WRQ-11737: Added performance tests for agate overall view + fixes for other tests (#82)

* avoided unnecessary api call when the theme library is changed in performanceMetrics

* Added overallView for Agate
Fixed lint warnings for latest enact/cli
Fixed placeholder images link

* Added tests for agate/overallview
Solved lint warnings

* modified marquee test in order to fix the tests on jenkins

* revert for marquee test

* fix for marquee test

* fix for sandstone/marquee test

* fixed tests for agate/Slider, agate/IncrementSlider, sandstone/Slider and sandstone/Panels

* fixed tests for agate/Panels

* code review fixes

* WRQ-14123: Fixed performanceMetrics when same component is selected once more. Fixed tests where results were saved in the wrong file (#83)

* fixed performanceMetrics when same component is selected once more.
Fixed tests where the tests results were saved in the wrong file

* Fixed performance tests where the metric name was incorrect

* Added missing component options in performance metrics dropdown

* WRQ-16517: Updated dependencies to fix critical vulnerabilities (#84)

* updated dependencies to fix vulnerabilities

* fixed quickguidepanel test view

* WRQ-18593: Changed chart configuration to show all labels and lines (#86)

* updated configuration for chart xAxis

* reverted chart width

* changed xAxis interval and chart size

* fix enact link on sandstone (#87)

* Fix QuickGuidePanel import statement to Panel (#88)

Enact-DCO-1.0-Signed-off-by: Juwon Jeong ([email protected])

* WRQ-25865: Updated package dependencies to fix security vulnerabilities (#93)

* Update package dependencies to fix security vulnerabilities

* Updated `react-router-dom` dependency

* WRQ-31596: Fix Critical and High vulnerabilities in agate (#94)

* updated package-lock

* fixed package-lock

* updated package.json

---------

Co-authored-by: Daniel Stoian <[email protected]>

* WRR-1078: Added tests for INP web vital (#92)

* added support for reading interaction to next paint

* Added inp performance tests

* added performance tests for Agate ArcPicker --> IncrementSlider

* Added INP performance tests for agate components

* Added INP Metric for Performance Metrics charts

* import order fix

* removed commented code

* updated readme

* refactored inp tests to download webvitals library instead of using local code

* lint fixes

* adjustments for sandstone inp tests

* adjustments for agate inp tests

* reverse for commented tests

* adjustments for sandstone inp tests

* adjustments for agate inp tests

* adjustments for sandstone inp tests

* adjustments for sandstone inp tests

* adjustments for agate inp tests

* moved url of web vitals library to a global variable

* minor fixes

* updated views and tests for contextualpopup in order to support INP metric. fixed eslint warnings

* pinned web-vitals version

* WRR-2951: Removed tests for FID web-vital (#96)

* Removed tests for FID web-vital

* minor fixes

* WRR-626: Updated puppeteer and wait-on dependencies to latest version (#97)

* upgraded puppeteer to v22

* updated puppeteer to latest version

* updated wait-on to latest version

* Update jsdom-extended.js

* changed ws dependency to 7.5.10

* WRR-10055: Updated package dependencies to fix security vulnerabilities (#101)

* updated dependencies

* updated web-vitals library version

* fixed "'left' is not pressed" warning

* updated performanceMetrics dependencies

---------

Co-authored-by: Daniel Stoian <[email protected]>

* WRR-5490: Add FPS measurement when `translate` scroll to VirtualList (#100)

* added views for virtualList translate

* added separate tests for scrollMode native and translate on keypress and mousewheel

* merged with develop and modified implementation

* refactored previous implementation

* removed native from scrollMode native tests to avoid duplicating charts. native is the default

* removed native from agate tests as well

* review fixes

* fixed url params

* added missing ternary

* added different FPS target for native virtualList vs translate

* testing new method for calculating FPS

* testing requestAnimationFrame method for calculating FPS

* removed duplicated "describe"

* WRR-15939: Updated React to version 19 (#104)

* WRA-21652: Update to React 19 (#89)

* update react to v19@rc

* updated to latest rc version of react19

* updated dependencies to React19

* updated dependencies

* updated agate version

---------

Co-authored-by: adrian-cocoara-lgp <[email protected]>

* WRR-15928: Modified tests to run in production mode and fixed tests for missing metric value (#105)

* converted performance tests to use hashRouter

* migrated performance tests to use production mode

* fix for npm stop script

* adjustments for serve server log information

* fixed tests so undefined metric does not throw error

* WRR-19928: Added performance tests for Limestone components (#106)

* converted performance tests to use hashRouter

* migrated performance tests to use production mode

* fix for npm stop script

* adjustments for serve server log information

* fixed tests so undefined metric does not throw error

* Adapted performance tests to support Limestone

* eslint fixes

* WRR-21446: Updated package dependencies to fix vulnerabilities (#107)

* updated minor dependencies to fix vulnerabilities

* updated puppeteer to latest version

* updated node requirements

* updated react-router-dom

* modified source for images in overall views to a faster source

---------

Co-authored-by: adrian-cocoara-lgp <[email protected]>
Co-authored-by: Juwon Jeong <[email protected]>
Co-authored-by: ion-andrusciac-lgp <[email protected]>
Co-authored-by: paul-beldean-lgp <[email protected]>
Co-authored-by: Stanca <[email protected]>