Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit_deps is not catching some advisories #13562

Closed
diracdeltas opened this issue Jan 13, 2021 · 3 comments · Fixed by brave/brave-core#7594
Closed

npm audit_deps is not catching some advisories #13562

diracdeltas opened this issue Jan 13, 2021 · 3 comments · Fixed by brave/brave-core#7594
Assignees
@diracdeltas
Labels
dev-concern OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude security
Milestone
1.21.x - Release

Comments

@diracdeltas
Copy link
Member

it should fail currently but passes
@diracdeltas diracdeltas self-assigned this Jan 13, 2021
@diracdeltas diracdeltas mentioned this issue Jan 13, 2021
Merged
23 tasks
diracdeltas added a commit to brave/brave-core that referenced this issue Jan 14, 2021
@diracdeltas
audit npm deps should fail on any non-ignored advisories
121753e 
the previous implementation had a bug where it would pass as long as the
first advisory was an ignored advisory.

fix brave/brave-browser#13562
@diracdeltas diracdeltas added this to the 1.21.x - Nightly milestone Jan 15, 2021
@diracdeltas
Copy link
Member Author

@kjozwiak not sure whether to mark this QA/yes or QA/no. this doesn't introduce any new changes, but there is some risk of UI regressions since some npm dependencies were upgraded. in particular i would recommend making sure that stats show up correct on the NTP and that all tipping buttons work.

@kjozwiak kjozwiak added QA/Yes and removed QA/No labels Jan 26, 2021
@kjozwiak
Copy link
Member

We'll label this as QA/Yes so we can double check the affected area's you mentioned above 👍 1.21.x will be a major Chromium release as we're bumping from C88 --> C89 so QA will be running through full regression passes which checks the above areas as well. @diracdeltas does this affect Android as well? Assuming both share the same dependencies as they're on the same code base. If so, mind adding the OS/Android label?

@LaurenWags
Copy link
Member

LaurenWags commented Feb 18, 2021
edited by GeetaSarvadnya
Loading

Verified passed with

Brave | 1.21.59 Chromium: 88.0.4324.182 (Official Build) beta (x86_64)
-- | --
Revision | 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
OS | macOS Version 10.15.7 (Build 19H512)

Verified suggested areas from #13562 (comment).
Confirmed in-line tip buttons for Twitter, GitHub, Reddit worked as expected.
Confirmed tips were deducted from wallet balance and recorded appropriately on brave://rewards page.
Confirmed NTP stats displayed as expected.

Screenshots
Twitter GitHub Reddit
Twitter GitHub Reddit
brave://rewards wallet panel Tips panel
Screen Shot 2021-02-18 at 2 11 09 PM Screen Shot 2021-02-18 at 2 11 15 PM

NTP Stats
Screen Shot 2021-02-18 at 2 13 02 PM

Verification passed on

Brave 1.21.64 Chromium: 88.0.4324.182 (Official Build) beta (64-bit)
Revision 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
OS Ubuntu 18.04 LTS

Verified suggested areas from #13562 (comment).
Confirmed in-line tip buttons for Twitter, GitHub, Reddit worked as expected.
Confirmed tips were deducted from wallet balance and recorded appropriately on brave://rewards page.
Confirmed NTP stats displayed as expected.

Screenshots
Twitter GitHub Reddit
image image image

brave://rewards wallet panel and Tips panel
image

NTP Stats
image

Verification passed on


Brave | 1.21.68 Chromium: 89.0.4389.58 (Official Build) (64-bit)
-- | --
Revision | 1a139f28ecc27719439e37c6b1533cee999cb802-refs/branch-heads/4389@{#1134}
OS | Windows 10 OS Version 2004 (Build 19041.804)

Verified suggested areas from #13562 (comment).
Confirmed in-line tip buttons for Twitter, GitHub, Reddit worked as expected.
Confirmed tips were deducted from wallet balance and recorded appropriately on brave://rewards page.
Confirmed NTP stats displayed as expected.

Screenshots
Twitter GitHub Reddit
image image image
brave://rewards wallet panel Tips panel
image image

NTP Stats
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@diracdeltas diracdeltas

Labels
dev-concern OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude security
Projects
None yet
Milestone
1.21.x - Release
Development

Successfully merging a pull request may close this issue.

fix audit_deps command and update vulnerable dependencies brave/brave-core
5 participants
@diracdeltas @kjozwiak @LaurenWags @btlechowski @GeetaSarvadnya