<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:30:17 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3731] api_doc: json-ptr ^3.0.0, marked ^2.0.0,&#160;underscore ^1.12.1</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3731</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/d051136/api-doc/deref-schema.js&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-tools/blob/d051136/api-doc/deref-schema.js&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;uses vulnerable indirect dependencies. We only fix the most critical ones.&lt;/p&gt;

&lt;p&gt;Upgrade json-ptr from 0.1.1 to &amp;gt;= 3.0.0 fixing&#160;Prototype Pollution: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-23509&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-23509&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Upgrade underscore from 1.9.1 to &amp;gt;= 1.12.1 fixing Arbitrary Code Injection: Arbitrary Code Injection: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-23358&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-23358&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Upgrade marked from 1.2.9 to &amp;gt;= 2.0.0 fixing Regular Expression Denial of Service (ReDoS): &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-21306&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-21306&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;marked cannot be upgrade to &amp;gt;= 4.0.10 to fix more vulnerabilities because the major version bump from 2 to 4 causes a runtime failure.&lt;/p&gt;</description>
                <environment></environment>
        <key id="82500">FOLIO-3731</key>
            <summary>api_doc: json-ptr ^3.0.0, marked ^2.0.0,&#160;underscore ^1.12.1</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Fri, 3 Mar 2023 07:13:39 +0000</created>
                <updated>Sat, 4 Mar 2023 09:00:29 +0000</updated>
                            <resolved>Sat, 4 Mar 2023 09:00:29 +0000</resolved>
                                                                    <component>Continuous Integration</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="196236" author="61cd0ca0bce5e00069e98be7" created="Sat, 4 Mar 2023 09:00:13 +0000"  >&lt;p&gt;Thanks for solving that part.&lt;/p&gt;

&lt;p&gt;This will be deployed with the next re-build of the Jenkins image 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3725&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3725&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Rebuild folioci/jenkins-slave-all for java-17 and java-11&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-3725
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;

&lt;p&gt;For those repos that now use this via Workflows 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3678&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3678&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Ensure API-related GitHub Workflows are used for relevant backend repositories&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-3678
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
, it is in use immediately.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i06jkz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1718">DevOps Sprint 160</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sat, 4 Mar 2023 09:00:13 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>