UI: Add npm-force-resolutions. Replace ansi-html with ansi-html-community. Upgrade some other libs
Description
Start using npm-force-resolutions
and force upgrades for some libraries that are known to have vulnerabilities.
ansi-html
ansi-html is abandoned and unsupported; its old/final version 0.0.7 has security issues (CVE-2021-23424).
This MR switches to ansi-html-community 0.0.8.
Issue reported in: https://github.com/postgres-ai/database-lab-engine/issues/37
Other upgrades
Force use of specific versions for various libraries to mitigate various CVEs:
- glob-parent 6.0.2 - CVE-2020-28469 https://github.com/postgres-ai/database-lab-engine/issues/45
- normalize-url 6.1.0 - CVE-2021-33502 https://github.com/postgres-ai/database-lab-engine/issues/52
- ejs 3.1.6 - WS-2021-0153 https://github.com/postgres-ai/database-lab-engine/issues/60
- trim 1.0.1 - CVE-2020-7753 https://github.com/postgres-ai/database-lab-engine/issues/64
- immer 9.0.12 - CVE-2021-23436 https://github.com/postgres-ai/database-lab-engine/issues/69
Checklist
- MR description has been reviewed
- MR changes are functionally tested
- MR does NOT have text changes OR there are text changes and they have been reviewed
- MR does NOT have API/CLI changes OR there are API/CLI changes and they have been reviewed
- MR does NOT have UI changes OR there are UI changes and they have been reviewed
Edited by Nikolay Samokhvalov
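
A forced resolution only helps if every nested copy of the package in the lockfile actually resolved to the forced version. The check below is an added example, not part of this MR or the project's code: it audits a parsed package-lock.json against the versions listed above. The names `auditLock`, `PINS`, `BANNED` and the sample lockfile are constructed for illustration.

```javascript
const PINS = new Map([
  ["glob-parent", "6.0.2"], ["normalize-url", "6.1.0"], ["ejs", "3.1.6"],
  ["trim", "1.0.1"], ["immer", "9.0.12"],
]);
const BANNED = new Set(["ansi-html"]); // replaced by ansi-html-community
const NM = "node_modules/";

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function* walk(deps, trail) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    yield { name, version: meta.version, where: here.join(" > ") };
    yield* walk(meta.dependencies, here);
  }
}

// Yield every installed package instance as {name, version, where}.
function* instances(lock) {
  if (!lock.packages) { yield* walk(lock.dependencies, []); return; }
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages)) {
    const i = path.lastIndexOf(NM);
    if (i < 0 || meta.link) continue; // root project, workspaces, symlinks
    yield { name: path.slice(i + NM.length), version: meta.version, where: path };
  }
}

// Return one finding per instance that escaped the forced resolution.
function auditLock(lock) {
  const findings = [];
  for (const { name, version, where } of instances(lock)) {
    if (BANNED.has(name)) findings.push(`${where}: ${name} must not be installed`);
    else if (PINS.has(name) && version !== PINS.get(name))
      findings.push(`${where}: ${name}@${version}, expected ${PINS.get(name)}`);
  }
  return findings;
}

// Constructed sample lockfile (not the project's real one).
const sampleLock = {
  packages: {
    "": { name: "ui" },
    "node_modules/immer": { version: "9.0.12" },
    "node_modules/example-parent/node_modules/glob-parent": { version: "5.1.2" },
    "node_modules/ansi-html": { version: "0.0.7" },
    "node_modules/ansi-html-community": { version: "0.0.8" },
  },
};
console.log(auditLock(sampleLock).join("\n"));
```

Run in CI against the real lockfile with `auditLock(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))` and fail the job when the returned list is non-empty.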