Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JavaToolInstallerV0] Fix critical security issue #15777

Closed
ghost opened this issue Jan 17, 2022 · 2 comments
Closed

[JavaToolInstallerV0] Fix critical security issue #15777

ghost opened this issue Jan 17, 2022 · 2 comments
Assignees
@anatolybolshakov
Labels
Area: ABTT Akvelon Build Tasks Team area of work bug Task: JavaToolInstaller

Comments

@ghost
Copy link

ghost commented Jan 17, 2022

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature?
Type: Bug

Enter Task Name: JavaToolInstallerV0

Issue Description

JavaToolInstaller has dependencies on npm packages which have critical security vulnerabilities or dependencies on other packages with security vulnerabilities.
We need to update version of packages in package.json or package-lock.json to fix it.

To see all existing errors please use latest node version and run npm audit in task folder.

Task logs

JavaToolInstallerV0.zip

Troubleshooting

Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting

Error logs

[Insert error from the logs here for a quick overview]
@github-actions github-actions bot added Area: ABTT Akvelon Build Tasks Team area of work bug labels Jan 17, 2022
@ghost ghost assigned ghost and unassigned ghost Jan 19, 2022
@ghost
Copy link
Author

ghost commented Jan 19, 2022

Depends on #15780

@ghost ghost self-assigned this Jan 24, 2022
@anatolybolshakov anatolybolshakov assigned anatolybolshakov and unassigned ghost Jan 26, 2022
@anatolybolshakov anatolybolshakov mentioned this issue Jan 28, 2022
Merged
2 tasks
@anatolybolshakov anatolybolshakov added the awaiting deployment Related changes are waiting for deployment to be completed label Feb 1, 2022
@anatolybolshakov anatolybolshakov removed the awaiting deployment Related changes are waiting for deployment to be completed label Mar 10, 2022
@anatolybolshakov
Copy link
Contributor

Closing this one since changes has been already rolled out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anatolybolshakov anatolybolshakov

Labels
Area: ABTT Akvelon Build Tasks Team area of work bug Task: JavaToolInstaller
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@anatolybolshakov