diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index 46d93e3edc..5689d6ea99 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -18,7 +18,7 @@ services:
 build:
 context: .
 container_name: test-frontend
- command: yarn start
+ command: bash
 user: ${CURRENT_USER:-root}
 stdin_open: true
 volumes:
diff --git a/frontend/package.json b/frontend/package.json
index e97a005595..9e746df00d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -29,7 +29,6 @@
 "react-router-dom": "^5.2.0",
 "react-router-hash-link": "^2.3.1",
 "react-router-prop-types": "^1.0.5",
- "react-scripts": "^3.4.4",
 "react-select": "^3.1.0",
 "react-stickynode": "^3.0.4",
 "react-with-direction": "^1.3.1",
@@ -135,12 +134,16 @@
 "jest-junit": "^11.1.0",
 "mutationobserver-shim": "^0.3.7",
 "node-fetch": "^2.6.1",
+ "react-scripts": "^3.4.4",
 "react-select-event": "^5.1.0"
 },
 "jest": {
 "coverageThreshold": {
 "global": {
- "branches": 90
+ "statements": 90,
+ "functions": 85,
+ "branches": 90,
+ "lines": 90
 }
 }
 }
diff --git a/frontend/run-yarn-audit.sh b/frontend/run-yarn-audit.sh
old mode 100644
new mode 100755
index fcfe08122b..854c935dc0
--- a/frontend/run-yarn-audit.sh
+++ b/frontend/run-yarn-audit.sh
@@ -6,7 +6,8 @@ set -u
 set +e
-output=$(yarn audit --level low --json)
+cmd="yarn audit --level low --json"
+output=$($cmd)
 result=$?
 set -e
@@ -30,10 +31,10 @@ echo fixes and they do not apply to production, you may ignore them
 echo
 echo To ignore these vulnerabilities, run:
 echo
-echo "yarn audit --json | grep auditAdvisory > yarn-audit-known-issues"
+echo "$cmd | grep auditAdvisory > yarn-audit-known-issues"
 echo
 echo and commit the yarn-audit-known-issues file
 echo
 echo "$output" | grep auditAdvisory | python -mjson.tool
-exit "$result"
\ No newline at end of file
+exit "$result"
diff --git a/frontend/src/pages/ActivityReport/__tests__/index.js b/frontend/src/pages/ActivityReport/__tests__/index.js
index 6ac15d872e..bdf2bc4498 100644
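Review bot: In the first hunk of frontend/run-yarn-audit.sh, `cmd` holds the command as one string and `output=$($cmd)` relies on unquoted word splitting to turn it back into arguments, which works for these words but breaks as soon as an argument needs quoting or contains a glob character. If the script runs under bash (the shebang is outside the hunk), an array keeps the single definition without that dependency: `cmd=(yarn audit --level low --json)`, `output=$("${cmd[@]}")`, and `echo "${cmd[*]} | grep auditAdvisory > yarn-audit-known-issues"` in the help text. The same two hunks are applied to the root run-yarn-audit.sh later in this diff, so the change applies there as well.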
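Review bot: The help text in the second hunk of frontend/run-yarn-audit.sh tells the reader to regenerate yarn-audit-known-issues from the full audit output, which accepts every advisory reported at that moment, from low severity upward, not only the one that was triaged. I would add a line after `echo and commit the yarn-audit-known-issues file`, such as `echo "Review the diff of yarn-audit-known-issues first: every added line is an advisory you are accepting"`. How the file is compared with the audit output is outside the hunk, so it is not visible whether stale entries are ever reported. The root run-yarn-audit.sh prints the same text.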
--- a/frontend/src/pages/ActivityReport/__tests__/index.js
+++ b/frontend/src/pages/ActivityReport/__tests__/index.js
@@ -72,7 +72,7 @@ describe('ActivityReport', () => {
 const data = formData();
 fetchMock.get('/api/activity-reports/1', data);
 renderActivityReport('1', 'activity-summary', true);
- await screen.findByRole('group', { name: 'Who was the activity for?' });
+ await screen.findByRole('group', { name: 'Who was the activity for?' }, { timeout: 4000 });
 expect(await screen.findByTestId('alert')).toBeVisible();
 });
diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues
new file mode 100644
index 0000000000..fdb03d5532
--- /dev/null
+++ b/frontend/yarn-audit-known-issues
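Review bot: The 4000 ms wait added to `findByRole` leaves almost no headroom under Jest's default 5000 ms per-test timeout, because the `findByTestId('alert')` on the next line can wait up to its own default of 1000 ms as well. On a slow runner the test would then fail with Jest's generic timeout instead of Testing Library's message naming the missing element, unless a larger `testTimeout` is configured somewhere outside this diff. Giving the test its own budget through the third argument of `it(...)`, for example closing it with `}, 10000);`, keeps the longer wait useful. The enclosing test starts above the hunk, so its current signature is not visible here.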
@@ -0,0 +1 @@
+{"type":"auditAdvisory","data":{"resolution":{"id":1603,"path":"react-scripts>react-dev-utils>immer","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.10.0","paths":["react-scripts>react-dev-utils>immer"]}],"id":1603,"created":"2021-02-19T18:18:20.058Z","updated":"2021-02-19T18:18:32.751Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"Anonymous","email":""},"reported_by":{"link":"","name":"Anonymous","email":""},"module_name":"immer","cves":["CVE-2020-28477"],"vulnerable_versions":"<8.0.1","patched_versions":">=8.0.1","overview":"## Overview\n\nAffected versions of `immer` are vulnerable to Prototype Pollution.\n\n## Proof of exploit\n\n```\nconst {applyPatches, enablePatches} = require(\"immer\");\nenablePatches();\nlet obj = {};\nconsole.log(\"Before : \" + obj.polluted);\napplyPatches({}, [ { op: 'add', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\n// applyPatches({}, [ { op: 'replace', path: [ \"__proto__\", \"polluted\" ], value: \"yes\" } ]);\nconsole.log(\"After : \" + obj.polluted);\n```\n\n## Remediation\n\nVersion 8.0.1 contains a [fix](https://github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5) for this vulnerability, updating is recommended.","recommendation":"Upgrade to version 8.0.1 or later","references":"- [GitHub Advisory](https://github.com/advisories/GHSA-9qmh-276g-x5pj)\n","access":"public","severity":"high","cwe":"CWE-1321","metadata":{"module_type":"","exploitability":8,"affected_components":""},"url":"https://npmjs.com/advisories/1603"}}}
diff --git a/package.json b/package.json
index 1f225a5e15..126e07172e 100644
--- a/package.json
+++ b/package.json
@@ -93,7 +93,10 @@
 ],
 "coverageThreshold": {
 "global": {
- "branches": 75
+ "statements": 84,
+ "functions": 84,
+ "branches": 75,
+ "lines": 84
 }
 }
 },
diff --git a/run-yarn-audit.sh b/run-yarn-audit.sh
index fcfe08122b..854c935dc0 100644
--- a/run-yarn-audit.sh
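Review bot: The single entry in frontend/yarn-audit-known-issues suppresses a high-severity advisory (CVE-2020-28477, prototype pollution in immer <8.0.1, reached through react-scripts>react-dev-utils>immer), and nothing in the diff records why that is acceptable or when the entry should be removed. The file format has no room for comments, so the rationale belongs in the commit message or a README next to the file, for example `immer 1.10.0 is pulled in only by react-scripts build tooling; remove this entry once react-scripts resolves immer >=8.0.1`, if that is indeed the reasoning. The entry still says `"dev":false` although this commit moves react-scripts to devDependencies, so it is worth regenerating the file after the move and confirming the line is unchanged. Because the whole advisory record is stored, including its `updated` timestamp, an upstream edit to the advisory will presumably stop the entry from matching; that fails closed, but it will cause churn.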
+++ b/run-yarn-audit.sh
@@ -6,7 +6,8 @@ set -u
 set +e
-output=$(yarn audit --level low --json)
+cmd="yarn audit --level low --json"
+output=$($cmd)
 result=$?
 set -e
@@ -30,10 +31,10 @@ echo fixes and they do not apply to production, you may ignore them
 echo
 echo To ignore these vulnerabilities, run:
 echo
-echo "yarn audit --json | grep auditAdvisory > yarn-audit-known-issues"
+echo "$cmd | grep auditAdvisory > yarn-audit-known-issues"
 echo
 echo and commit the yarn-audit-known-issues file
 echo
 echo "$output" | grep auditAdvisory | python -mjson.tool
-exit "$result"
\ No newline at end of file
+exit "$result"
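Review bot: The root run-yarn-audit.sh keeps mode 100644, while frontend/run-yarn-audit.sh, which has the same blob ids before and after (fcfe08122b..854c935dc0), is switched to 100755 in this commit. If the root script is ever invoked directly rather than through `bash run-yarn-audit.sh`, it will fail with a permission error; `git update-index --chmod=+x run-yarn-audit.sh` would bring the two in line. Two byte-identical copies will also drift over time, so a single script called from both directories would be easier to keep correct.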