This repository has been archived by the owner on Sep 20, 2021. It is now read-only.

npm audit: 13 vulnerabilities with high criticality #122

Open
ghost opened this issue Apr 7, 2020 · 4 comments

ghost commented Apr 7, 2020

Branch master (in production)

npm audit says:

found 64 vulnerabilities (50 low, 1 moderate, 13 high) in 5469 scanned packages

This is already after the npm audit fix run.

Contributor

davewood commented Apr 8, 2020

Did you run the end2end tests after npm audit fix to make sure nothing broke?

Contributor

davewood commented Apr 8, 2020

branch devel

before npm audit fix

found 129 vulnerabilities (106 low, 1 moderate, 22 high)

/do-portal/epplication$ bash test.sh
copy test.sql to container
delete existing tests
Deleting tests ...
tests deleted successfully.
restore existing tests
Restoring tests ...
tests restored successfully.
copy test script to container
run test script
test details -> http://epplication-app:8081/job/1/show (admin/admin123)
selenium browser -> `xtightvncviewer localhost::5900` (password: `secret`)
pending
in_progress
in_progress
in_progress
in_progress
in_progress
in_progress
job finished.
duration: 67.167346 seconds.
no errors.

after npm audit fix

found 22 vulnerabilities (8 low, 1 moderate, 13 high)

/do-portal/epplication$ bash test.sh
copy test.sql to container
delete existing tests
Deleting tests ...
tests deleted successfully.
restore existing tests
Restoring tests ...
tests restored successfully.
copy test script to container
run test script
test details -> http://epplication-app:8081/job/2/show (admin/admin123)
selenium browser -> `xtightvncviewer localhost::5900` (password: `secret`)
pending
in_progress
in_progress
in_progress
in_progress
in_progress
in_progress
job finished.
duration: 66.517195 seconds.
no errors.

Author

ghost commented Apr 8, 2020

> Did you run the end2end tests after npm audit fix to make sure nothing broke?

No, I thought npm audit fix is always safe?

Contributor

davewood commented Apr 8, 2020

I don't have enough experience to comment on the safety of npm audit fix.
