Draft: Resolve "SOUP periodic assessment 10/2023"
Closes #866 (closed)
Do not merge before !742
Do not merge until the SBOM list (see below) has been released. The sheet is to be saved as SBOM.md and added to this MR!
Assessment log
Vulnerability scan
- yarn upgrade
- yarn audit
- yarn upgrade --latest cypress
- yarn remove -W browser-env
- yarn audit
Result: 0 vulnerabilities found - Packages audited: 1451
SBOM assessment
Working copy of RC1_SW_04: https://docs.google.com/spreadsheets/d/15D0jc5m20tA2tdZ0WfMHbrLIwJGmIRxUgN9dqZ5QAe8/edit#gid=430376677 (shall replace the original once it has been approved)
- Added new direct dependencies: vite, windows-1252, ngx-matomo-client, d3-axis, d3-scale, d3-selection, d3-time, d3-time-format, file-loader, @angular/platform-browser-dynamic
- core-js and @angular/animations were originally found in package.json, but not used anywhere in the app. Thus, they were removed from the app and not added to the SBOM list.
- Updated version numbers according to yarn.lock.
- Moved @pdf-lib/standard-fonts, @pdf-lib/upng and @ionic/core from direct to transitive dependencies.
- No other packages were removed.
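
The SBOM checks logged above (new direct dependencies listed, versions matching yarn.lock, direct versus transitive classification) can be cross-checked mechanically. The following is an added example, not part of the original MR or the project's code; it assumes a classic (v1) yarn.lock and a hypothetical SBOM row shape `{name, version, kind}`, the function names are hypothetical, and all versions are constructed.

```javascript
// Constructed inputs: package names appear in the MR, every version is invented.
const SAMPLE_PACKAGE_JSON = { dependencies: { vite: "^4.4.0", "d3-axis": "^3.0.0" },
  devDependencies: { cypress: "^13.0.0" } };
const SAMPLE_YARN_LOCK = `
cypress@^13.0.0:
  version "13.3.0"
d3-axis@^3.0.0:
  version "3.0.0"
"@ionic/core@^7.0.0":
  version "7.4.0"
vite@^4.3.0, vite@^4.4.0:
  version "4.4.9"
`;
// Assumed SBOM row shape (hypothetical; the MR does not show the sheet's columns).
const SAMPLE_SBOM = [
  { name: "vite", version: "4.4.9", kind: "direct" },
  { name: "d3-axis", version: "2.1.0", kind: "direct" }, // version behind yarn.lock
  { name: "@ionic/core", version: "7.4.0", kind: "direct" }, // only a transitive dependency
  { name: "core-js", version: "3.30.0", kind: "direct" }, // removed from the app
];
// Parse a classic (v1) yarn.lock into Map<package name, Set<resolved versions>>.
function parseYarnLock(text) {
  const installed = new Map();
  let names = [];
  for (const line of text.split("\n")) {
    const version = line.match(/^  version "(.+)"$/);
    if (version) names.forEach((n) => installed.get(n).add(version[1]));
    else if (/^\S.*:$/.test(line)) { // header: comma-separated, optionally quoted "name@range" specs
      names = line.slice(0, -1).split(", ").map((s) => s.replace(/"/g, "")).map((s) => s.slice(0, s.lastIndexOf("@")));
      names.forEach((n) => installed.has(n) || installed.set(n, new Set()));
    }
  }
  return installed;
}
// Report SBOM rows that disagree with package.json (direct deps) or yarn.lock (versions).
function reconcileSbom(pkg, lockText, sbom) {
  const installed = parseYarnLock(lockText);
  const direct = new Set(Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }));
  const listed = new Set(sbom.map((row) => row.name));
  const findings = [...direct].filter((n) => !listed.has(n)).map((n) => `missing-from-sbom ${n}`);
  for (const row of sbom) {
    const versions = installed.get(row.name);
    if (!versions) { findings.push(`not-installed ${row.name}`); continue; }
    if (!versions.has(row.version)) findings.push(`stale-version ${row.name} ${row.version}`);
    const kind = direct.has(row.name) ? "direct" : "transitive";
    if (row.kind !== kind) findings.push(`wrong-kind ${row.name} should be ${kind}`);
  }
  return findings;
}
```

Yarn 2+ lockfiles use a different layout and are not handled by this parser.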