[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-31 Thread Tim_WMDE
Tim_WMDE added a comment. Yeah, this ticket has nothing left to do, thanks. TASK DETAIL: https://phabricator.wikimedia.org/T207988

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-31 Thread gerritbot
gerritbot added a comment. Change 470527 merged by jenkins-bot: [mediawiki/extensions/WikibaseQualityConstraints@master] Update npm deps & fix newly found styling issues https://gerrit.wikimedia.org/r/470527

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-30 Thread gerritbot
gerritbot added a comment. Change 470525 merged by jenkins-bot: [mediawiki/extensions/AdvancedSearch@master] Update npm dev dependencies https://gerrit.wikimedia.org/r/470525

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-30 Thread gabriel-wmde
gabriel-wmde added a comment. I don't think this is an acceptable response. It's not just CI, it's also developers' laptops, which are an extremely high value target. While this vulnerability might be pretty minor, it's important to keep the security issues green, so that when an actual high

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-29 Thread Legoktm
Legoktm added a comment. In T207988#4703344, @gabriel-wmde wrote: Thanks for bringing this up! We decided to postpone the fix for AdvancedSearch to next year, since we use the vulnerable component (grunt) only for running the continuous integration checks, where the risk of code injection is

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-29 Thread gerritbot
gerritbot added a comment. Change 470527 had a related patch set uploaded (by Tim Eulitz; owner: Tim Eulitz): [mediawiki/extensions/WikibaseQualityConstraints@master] Update npm packages and fix minor styling issues https://gerrit.wikimedia.org/r/470527

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-29 Thread gerritbot
gerritbot added a comment. Change 470525 had a related patch set uploaded (by Tim Eulitz; owner: Tim Eulitz): [mediawiki/extensions/AdvancedSearch@master] Update npm dev dependencies https://gerrit.wikimedia.org/r/470525

[Wikidata-bugs] [Maniphest] [Commented On] T207988: Update grunt to 1.0.3 for AdvancedSearch and WikibaseQualityConstraints

2018-10-29 Thread gabriel-wmde
gabriel-wmde added a comment. Thanks for bringing this up! We decided to postpone the fix for AdvancedSearch to next year, since we use the vulnerable component (grunt) only for running the continuous integration checks, where the risk of code injection is quite low.