Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #12149 Bump Kanban dependency to socket.io-client ^2
    Actions
    Infos
    #12149
    Thomas Gerbet (tgerbet)
    2018-08-20 15:25
    2018-08-18 13:28
    12830
    Details
    Bump Kanban dependency to socket.io-client ^2
    Tuleap is currently broken due to a change of the checksum of the tarball of one of the dependency (socket.io > engine.io-client > xmlhttprequest). This dependency is hardcoded by engine.io-client to be retrieved directly from a GitHub archive, since it is not resolved through the npmjs registry we do not have the original version in our npmjs registry mirror.

    Preliminary investigations seem however to show that the checksum change is due to metadata modifications.

    While we might decide to only update the checksum of the archive in the lockfile to be able to build Tuleap again and have the same issue again in two months let's took this as an opportunity to bump to the latest version of socket.io-client. The version the kanban is currently using is impacted by a bunch of vulnerabilities so it is the right thing to do anyway.
    Agile Dashboard
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-08-18
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #11901 Tuleap Releases 10.5 Delivered 2018-09-14 15:21 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #12149

    Artifact Tracker v5

    request #12186 Bump realtime server to socket-io ^2

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/74/12374/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 5424f0ec7b
    User avatar Yannis ROSSETTO (rossettoy) , 2018-08-18 14:25
    request #12149: Bump Kanban dependency to socket.io-client ^2 a0d7a794de
    User avatar Thomas Gerbet (tgerbet) , 2018-08-18 13:30
    Referenced by request #12149

    Artifact Tracker v5

    rel #11901 10.5

    Other

    gerrit #12374
    Display settings

    Follow-ups

    User avatar
    Yannis ROSSETTO (rossettoy)2018-08-18 14:27
    Integrated into Tuleap 10.4.99.24
    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2018-08-18
    User avatar
    Thomas Gerbet (tgerbet)2018-08-18 13:51
    Patch available for review here: gerrit #12374.
    • Summary
      -Bump Kanban dependency to socket.io-client to ^2 
      +Bump Kanban dependency to socket.io-client ^2 
    • Status changed from Under implementation to Under review