web: Fix missing integrity fields in package-lock.json #11509
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for authentik-storybook canceled.
|
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
jvanbruegge
force-pushed
the
fix-lockfile
branch
from
2c774d6 to
c2ac680
Compare
|
Ah that fixes the npm command but doesn't re-add it to CLI |
13 tasks
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #11509 +/- ##
==========================================
- Coverage 92.75% 92.67% -0.08%
==========================================
Files 736 736
Lines 36510 36510
==========================================
- Hits 33864 33835 -29
- Misses 2646 2675 +29
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Ah, I did not see that. And it only solves the issue partially. There are still a few packages in |
jvanbruegge
force-pushed
the
fix-lockfile
branch
from
c2ac680 to
9c0685b
Compare
|
Found why there were a few packages in |
jvanbruegge
force-pushed
the
fix-lockfile
branch
from
10c051d to
bdc4dbf
Compare
|
I'm assuming you're using the same method to get the integrity values by |
|
No, that might change the version of the package. I used this https://github.com/jeslie0/npm-lockfile-fix to only add the integrity and resolved field, all package versions stay as they were locked |
BeryJu
changed the title
|
/cherry-pick version-2024.8 |
BeryJu
approved these changes
Sep 27, 2024
|
Cherry-pick failed with |
BeryJu
pushed a commit
that referenced
this pull request
Sep 27, 2024
* web: Fix missing integrity fields in lockfile * website: revert lockfile lint, re-add integrity * web,website: Require integrity also for subpackages Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # web/package-lock.json # website/package-lock.json # website/package.json
kensternberg-authentik
added a commit
that referenced
this pull request
Sep 27, 2024
* main: website: update release notes for 2024.8.3 and 2024.6.5 (#11541) website/docs: added a Docs banner to announce new docs structure (#11525) security: fix CVE-2024-47070 (#11536) security: fix CVE-2024-47077 (#11535) sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532) web: Fix missing integrity fields in package-lock.json (#11509) core, web: update translations (#11527) core: bump ruff from 0.6.7 to 0.6.8 (#11528) web: bump the wdio group across 2 directories with 3 updates (#11529) web: bump @patternfly/elements from 4.0.1 to 4.0.2 in /web (#11530) web: bump @types/node from 22.7.2 to 22.7.3 in /web (#11531)
|
@jvanbruegge @BeryJu thank you! I really don't get why this is not recognized as a problem upstream in npm cli :/ |
WilliButz
added a commit
to nix-community/authentik-nix
that referenced
this pull request
Sep 27, 2024
Fixes CVE-2024-47070 and CVE-2024-47077 See https://docs.goauthentik.io/docs/releases/2024.8#fixed-in-202483 Dropped manually resolved lockfiles, fixed upstream in goauthentik/authentik#11509 Flake lock file updates: • Updated input 'authentik-src': 'github:goauthentik/authentik/f5580d311d01f2202b666f76931ed04f30b9ec30' (2024-09-07) → 'github:goauthentik/authentik/91d2445c61da49026f76dceb7f5b524e30335a42' (2024-09-27)
kensternberg-authentik
added a commit
that referenced
this pull request
Sep 27, 2024
…able * web/bug/fix-wdio-and-lint: Forgot to run prettier. web: small fixes for wdio and lint providers/oauth2: improve indexes on tokens (#11543) web: bump API Client version (#11544) release: 2024.8.3 (#11542) package-lock.json update website: update release notes for 2024.8.3 and 2024.6.5 (#11541) website/docs: added a Docs banner to announce new docs structure (#11525) security: fix CVE-2024-47070 (#11536) security: fix CVE-2024-47077 (#11535) sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532) web: Fix missing integrity fields in package-lock.json (#11509) core, web: update translations (#11527) core: bump ruff from 0.6.7 to 0.6.8 (#11528) web: bump the wdio group across 2 directories with 3 updates (#11529) web: bump @patternfly/elements from 4.0.1 to 4.0.2 in /web (#11530) web: bump @types/node from 22.7.2 to 22.7.3 in /web (#11531)
kensternberg-authentik
added a commit
that referenced
this pull request
Sep 27, 2024
* web/bug/fix-wdio-and-lint: Forgot to run prettier. web: small fixes for wdio and lint providers/oauth2: improve indexes on tokens (#11543) web: bump API Client version (#11544) release: 2024.8.3 (#11542) package-lock.json update website: update release notes for 2024.8.3 and 2024.6.5 (#11541) website/docs: added a Docs banner to announce new docs structure (#11525) security: fix CVE-2024-47070 (#11536) security: fix CVE-2024-47077 (#11535) sources/ldap: fix ms_ad userAccountControl not checking for lockout (#11532) web: Fix missing integrity fields in package-lock.json (#11509) core, web: update translations (#11527) core: bump ruff from 0.6.7 to 0.6.8 (#11528) web: bump the wdio group across 2 directories with 3 updates (#11529) web: bump @patternfly/elements from 4.0.1 to 4.0.2 in /web (#11530) web: bump @types/node from 22.7.2 to 22.7.3 in /web (#11531) web: small fixes for wdio and lint
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
Same issue as with #9419
There was a CI check for this, however #10157 removed the CI check, which made this issue possible again.
lint-lockfiledoes not actually check that all packages are resolved: lirantal/lockfile-lint#196Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)If applicable
make website)