Update ua-parser-js and chart-js - critical CVEs #5275
Comments
#5106 has had the same problem for months
Development is on hold! If you can upgrade the assets urself manually and confirm all is good, I'm sure @Ylianst will accept a PR. Last time I looked at the post, upgrading the graphs by increasing the number didn't work, so it wasn't straightforward
What does "Development is on hold!" mean in reality?
I would just copy paste the newest version of ua-parser.js and chart.js??? into the directory. But I have no means to test this or can't really understand what is working and what's not. I never once used this software. I'm asking for our IT department which has no developers. @si458 Is it as easy as replacing the files?
Sadly, as I commented on ur other post from the other month
@jammsen does ur test show which version of ua-parser-js is needed to PASS the test?
@si458 thanks
Really hope that helps fingers crossed
I'll look into it again tomorrow when I'm stationary at my desk,
"BTW love the 'activate windows' watermark 😆"
Looking forward to hearing from you tomorrow if you find the time.
I did not see your question here, do you still need input on that?
@jammsen plz can u verify the latest release is ok with ua-parser-js now?
@si458
That screenshot shows version 1.0.35?
"plz can u verify the latest release is ok with ua-parser-js now?" Do you have Discord by any chance to make communication easier?
same as github/email or unofficial meshcentral discord server - https://discord.gg/8wHC6ASWAc
#5276 was released with the latest MeshCentral. Let me know if this fixes it or more is needed.
@Ylianst ua-parser-js was fixed, the above CVEs 5 and 7 were fixed, now it's only chart.js left, the CVE9, the big one.
#5293 should update chart.js to 4.33 for you! |
@Ylianst Do you have an ETA for when you have time to review this?
Describe the bug
Hello @Ylianst the dependencies or cross-deps have major CVE reports, please update the deps and release a "clean" version. Current Version is 1.1.8.
To Reproduce
Steps to reproduce the behavior:
Do an SBOM scan on this package via Sonatype Nexus
Expected behavior
Removal of CVEs through updating assets
Screenshots