<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:27:42 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3383] avoid sabotaged colors.js &gt; 1.4.0</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3383</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;b&gt;Summary:&lt;/b&gt; The platform&apos;s &lt;tt&gt;package.json&lt;/tt&gt; must lock to &lt;tt&gt;colors&lt;/tt&gt; &lt;tt&gt;1.4.0&lt;/tt&gt; to avoid sabotaged patch releases.&lt;br/&gt;
&lt;b&gt;Details:&lt;/b&gt; The author of &lt;a href=&quot;https://www.npmjs.com/package/colors&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;colors.js&lt;/a&gt;, a transitive dependency of stripes-cli, was &lt;a href=&quot;https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;sabotaged by its owner&lt;/a&gt; in several patch releases published directly to NPM including 1.4.2, 1.4.1, and 1.4.44-liberty-2. &lt;/p&gt;</description>
                <environment></environment>
        <key id="82297">FOLIO-3383</key>
            <summary>avoid sabotaged colors.js &gt; 1.4.0</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10000" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p1.svg">P1</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="615afd1cd9820f0070a09ef0">Zak Burke</assignee>
                                                                <reporter accountid="615afd1cd9820f0070a09ef0">Zak Burke</reporter>
                                    <labels>
                    </labels>
                <created>Mon, 10 Jan 2022 17:24:58 +0000</created>
                <updated>Thu, 13 Jan 2022 23:14:11 +0000</updated>
                            <resolved>Thu, 13 Jan 2022 23:14:11 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                <comments>
                                                            <comment id="197147" author="5f9abc1eb45b2e007453f423" created="Mon, 10 Jan 2022 20:41:53 +0000"  >&lt;p&gt;I went ahead and pinned colors to 1.4.0 on the following branches in platform-complete in addition to the snapshot branch: &lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;master&lt;/li&gt;
	&lt;li&gt;R3-2021&lt;/li&gt;
	&lt;li&gt;R2-2021&lt;/li&gt;
	&lt;li&gt;R1-2021&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Also did the same for platform-core (snapshot and master) for good measure. &lt;/p&gt;</comment>
                                                            <comment id="197149" author="5f9abc1eb45b2e007453f423" created="Thu, 13 Jan 2022 21:59:33 +0000"  >&lt;p&gt;As discussed on Slack here: &lt;a href=&quot;https://folio-project.slack.com/archives/C58TABALV/p1642003556044800&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-project.slack.com/archives/C58TABALV/p1642003556044800&lt;/a&gt;,  the FOLIO Jenkins CI is still having issues with the bogus colors &amp;gt; 1.4.0 npm dep when invoking stripes-cli to run things like karma unit tests.    This is causing an infinite loop,  eventual build failure, and a build Jenkins log that can grow to 18-20GB.    The latest CI version of stripes-cli has colors 1.4.0 defined as a dev dep,  but the bogus version is still slipping in there somehow.   &lt;/p&gt;</comment>
                                                            <comment id="197153" author="5f9abc1eb45b2e007453f423" created="Thu, 13 Jan 2022 22:17:59 +0000"  >&lt;p&gt;Removed the globally installed stripes-cli from the Jenkins CI build image for good measure.   Issue still persists.   &lt;/p&gt;</comment>
                                                            <comment id="197155" author="5f9abc1eb45b2e007453f423" created="Thu, 13 Jan 2022 22:49:12 +0000"  >&lt;p&gt;Looks like npmjs.org finally removed colors 1.4.2 from its repo.     That means I should be able to remove it from the FOLIO Nexus npmjs.org proxy repo.   &lt;/p&gt;</comment>
                                                            <comment id="197158" author="5f9abc1eb45b2e007453f423" created="Thu, 13 Jan 2022 23:11:38 +0000"  >&lt;p&gt;One thing to note was that when I removed colors 1.4.2 from the Nexus repo,   &apos;yarn install&apos; failed because it couldn&apos;t find 1.4.2.   This means it was previously still resolving to 1.4.2 even with the dep pinned in stripes-cli.. I think it was likely something else depended on colors as well.  &lt;/p&gt;</comment>
                                                            <comment id="197161" author="5f9abc1eb45b2e007453f423" created="Thu, 13 Jan 2022 23:14:01 +0000"  >&lt;p&gt;Closing. &lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10001">
                    <name>Cloners</name>
                                                                <inwardlinks description="is cloned by">
                                        <issuelink>
            <issuekey id="71425">STCLI-188</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03ymn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="289">DevOps Sprint 131</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 10 Jan 2022 20:41:53 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>