Skip to content

Draft: Resolve "SOUP periodic assessment 12/2024"

Noel Simmel requested to merge 1376-soup-periodic-assessment-12-2024 into main

Closes #1376

Do not merge until the SBOM list (see below) has been released and added to this MR.

Assessment log

App version v1.1.4 at commit ce875221 (December 19, 2024)

Vulnerability scan

  • yarn install
  • yarn upgrade
  • yarn audit
  • Force patched versions of vulnerable packages
  • yarn install
  • yarn audit

Result

yarn audit v1.22.22
0 vulnerabilities found - Packages audited: 1504
Done in 1.50s.

SBOM Assessment

Working copy of RC1_SW_04: https://docs.google.com/spreadsheets/d/1kYVZlX0vUkuQ4g6QA7TkKIuboRRMQOsHsPSNzOH3Zj0/edit?pli=1&gid=809278041#gid=809278041 (shall replace the original once it has been approved)

Color code Meaning
🟢 New patch version
🟡 New minor version
🔴 New major version
🔵 New package added
  • Reformatted the Google Sheets to work with the new SOUP script (#1348 (closed)): Merged direct and dev dependencies into one sheet, sorted alphabetically.
  • Added newly installed dependencies: karma-coverage, karma-junit-reporter
  • No version numbers needed to be updated
Edited by Noel Simmel

Merge request reports