Resolve "SBOM/SOUP periodic assessment 09/2024"
Closes #1275 (closed)
Do not merge until the SBOM list (see below) has been released and added to this MR.
Assessment log
App version v1.1.2 at commit 9cd32069 (September 18, 2024)
Vulnerability scan
```sh
yarn install
yarn upgrade
yarn audit
```
Result
```
yarn audit v1.22.22
0 vulnerabilities found - Packages audited: 1504
Done in 1.50s.
```
SBOM Assessment
Working copy of RC1_SW_04: https://docs.google.com/spreadsheets/d/15xLuW2uI8dDcCJC0E5Ord3iRLq-lcjBA3JhjUiGmN6s/edit?gid=809278041#gid=809278041 (shall replace the original once it has been approved)
| Color code | Meaning |
|---|---|
| 🟢 | New patch version |
| 🟡 | New minor version |
|  | New major version |
| 🟣 | New package added |
- Deleted aux dep A_29, was a duplicate of A_30 (`jasmine-core`)
- Removed trans dep T_05 `encode-utf8` (of `qrcode`)
- Added trans dep T_14 `jasmine-core` (of `karma-jasmine`)
- Updated version numbers according to `yarn.lock`
- Fixed version number of `jasmine-core` (was v4, is now v5; 4 is for T_14, see above)
- Changed "unreplaceable" to "irreplaceable" in the Google Sheets
Freezing TypeScript version
After `yarn upgrade`, I couldn't build the app anymore. See failed pipeline after first commit – lots of errors "TS2873: This kind of expression is always falsy" / "TS2872: This kind of expression is always truthy."
I figured this was because TypeScript was upgraded to 5.6.2 (changelog). I downgraded back to 5.4.5, which fixed the issue. This only worked by explicitly specifying the version in `package.json`, otherwise `compodoc` and `rc_charts_vanilla` (figures.cc charts) cause the upgrade to 5.6.2 on `yarn install`.
I chose 5.4.5 because it's the version Hannu and I have been using.
Fixed in !1115 (merged)
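Two of the checks above (spotting `jasmine-core` resolved at both v4 and v5 in `yarn.lock`, and confirming that `typescript` really resolves to the single pinned 5.4.5) can be automated by parsing the lockfile. The script below is an added example, not code from this MR or from the project; it parses the yarn v1 lockfile format and runs against a constructed sample lockfile whose entries, versions other than 5.4.5, URLs and integrity hashes are placeholders, not the project's real `yarn.lock`.

```javascript
// Added example: list every resolved version per package in a yarn.lock (v1 format)
// so an SBOM review can flag packages resolved at more than one version and verify
// that a pinned package (here typescript 5.4.5) resolves to exactly that version.

// Constructed sample lockfile. Versions (except typescript 5.4.5), URLs and
// integrity values are placeholders, not taken from the project's lockfile.
const SAMPLE_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@types/node@^18.0.0":
  version "18.19.50"
  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.19.50.tgz#placeholder"
  integrity sha512-PLACEHOLDER

jasmine-core@^4.0.0, "jasmine-core@>=3.8":
  version "4.6.0"
  resolved "https://registry.yarnpkg.com/jasmine-core/-/jasmine-core-4.6.0.tgz#placeholder"
  integrity sha512-PLACEHOLDER

jasmine-core@~5.1.0:
  version "5.1.2"
  resolved "https://registry.yarnpkg.com/jasmine-core/-/jasmine-core-5.1.2.tgz#placeholder"
  integrity sha512-PLACEHOLDER

typescript@5.4.5:
  version "5.4.5"
  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.4.5.tgz#placeholder"
  integrity sha512-PLACEHOLDER
`;

// Package name of a "name@range" specifier. A scope's '@' sits at index 0 and is skipped,
// so "@types/node@^18.0.0" yields "@types/node".
function packageName(spec) {
  const at = spec.indexOf("@", 1);
  return at === -1 ? spec : spec.slice(0, at);
}

// Returns Map<packageName, Set<resolvedVersion>> for the given lockfile text.
// An entry header is an unindented line ending in ':' that lists one or more
// comma-separated (optionally quoted) specifiers; the indented `version "x"` line
// that follows is the version all of those specifiers resolved to.
function resolvedVersions(lockText) {
  const versions = new Map();
  let currentNames = [];
  for (const raw of lockText.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (line === "" || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      if (!line.endsWith(":")) continue;
      currentNames = line
        .slice(0, -1)
        .split(",")
        .map((s) => packageName(s.trim().replace(/^"|"$/g, "")));
      continue;
    }
    const m = line.match(/^\s+version\s+"([^"]+)"/);
    if (m) {
      for (const name of new Set(currentNames)) {
        if (!versions.has(name)) versions.set(name, new Set());
        versions.get(name).add(m[1]);
      }
    }
  }
  return versions;
}

// Packages resolved at more than one version, with versions sorted for stable output.
function duplicatedPackages(lockText) {
  const out = {};
  for (const [name, vs] of resolvedVersions(lockText)) {
    if (vs.size > 1) out[name] = [...vs].sort();
  }
  return out;
}

// True only when `name` resolves to a single version and that version is `expected`.
function isPinnedTo(lockText, name, expected) {
  const vs = resolvedVersions(lockText).get(name);
  return vs !== undefined && vs.size === 1 && vs.has(expected);
}

console.log("resolved at more than one version:", duplicatedPackages(SAMPLE_LOCK));
console.log("typescript pinned to 5.4.5:", isPinnedTo(SAMPLE_LOCK, "typescript", "5.4.5"));
```

Against the sample, `duplicatedPackages` reports `jasmine-core` at 4.6.0 and 5.1.2 (the situation behind aux dep A_30 versus trans dep T_14), and `isPinnedTo` confirms a single `typescript` 5.4.5; replacing `SAMPLE_LOCK` with the contents of the real `yarn.lock` makes the same two checks usable as a pipeline step that fails when a second version creeps in.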