Test Version cockpit-ovirt-0.13.2 Test Steps: 1. $ cd cockpit-ovirt/dashboard 2. create package-lock.json if not exist (with "$ npm i --only-package-lock") 3. install all deps with "$ npm install" 4. $ npm audit Result: found 42 vulnerabilities (7 low, 30 moderate, 5 high) in 6600 scanned packages QE can reproduce this issue, ACK+
QE will verify it until getting the build with cockpit-ovirt-0.13.3
Test Version cockpit-ovirt-0.13.3 Test Steps: According to comment 2 Result: Same with comment 1 [xxx@localhost dashboard]$ npm audit === npm audit security report === ┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.4.0 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ patternfly [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ patternfly > jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/796 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 1 moderate severity vulnerability in 6112 scanned packages 1 vulnerability requires manual review. See the full report for details. Bug is fixed, move to "VERIFIED"
This bugzilla is included in oVirt 4.3.5 release, published on July 30th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.5 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.