Closed
Bug 1457888
Opened 7 years ago
Closed 6 years ago
BLRG-PT-18-001: upgrade to latest javascript libraries
Categories
(Release Engineering Graveyard :: Applications: Balrog (frontend), enhancement, P3)
Release Engineering Graveyard
Applications: Balrog (frontend)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bhearsum, Unassigned)
References
Details
(Keywords: sec-moderate, Whiteboard: [2018audit])
During "npm install", numerous outdated (and potentially insecure) libraries are installed. We should be doing our best to keep these up-to-date, though we may be limited by the fact that we're on an old version of Angular.
To start, we should update to the latest version of packages that don't cause bustage.
|
Reporter | |
Updated•7 years ago
|
Whiteboard: [2018audit]
|
|
Reporter | |
Comment 1•7 years ago
|
||
Simon Bennetts did some research on what it would take to get us to safe versions of our major dependencies, his results are in https://docs.google.com/document/d/1wDLc5NuQy49Nj3Yzo3S2UGNWyzPexZTkh26mfT8MN4I/edit#
I suspect that Angular will be the worst, since we use a more varied set of features from it.
|
||
Updated•7 years ago
|
Summary: upgrade to latest javascript libraries → BLRG-PT-18-001: upgrade to latest javascript libraries
|
|
Reporter | |
Comment 2•7 years ago
|
||
It's looking like we may prioritize a new Balrog UI in Q3, which means this is not likely to get looked at. That work is being tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1465206.
|
|
||
Updated•7 years ago
|
Keywords: sec-moderate
|
|
Reporter | |
Comment 3•6 years ago
|
||
We're working on a new UI, and bugs like are not worth fixing in the current one. We will ensure that the new UI is regularly updated to the latest libraries, however.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
|
||
Updated•6 years ago
|
Product: Release Engineering → Release Engineering Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•