Skip to content

2649: More security fixes#2775

Merged
trslater merged 7 commits intodevelopfrom
2649-check-for-and-fix-high-severity-issues-before-test-cut-2
Feb 5, 2026
Merged

2649: More security fixes#2775
trslater merged 7 commits intodevelopfrom
2649-check-for-and-fix-high-severity-issues-before-test-cut-2

Conversation

@trslater
Copy link
Collaborator

@trslater trslater commented Feb 3, 2026
edited
Loading

  • NPM audit fixes for ALCS and portal
  • API needed more work
    • Update NestJS from 10 to 11
    • Update other necessary packages
    • Use nest-keycloak-connect alpha to work with NestJS 11 (necessary for patching critical vulnerability)
    • Update tests to work with updated packages

Note: coverage check is failing, but this is not actually new code. I feel it is out of scope of this ticket to try to get coverage up for existing code.

@trslater trslater changed the title 2649: More fixes 2649: More security fixes Feb 3, 2026
@trslater
Fix easy API vulnerabilities
b87ccb4
@trslater
Update NestJS from 10 to 11
13f5e10 
- Also update Fastify
- Add alpha nest-keycloak-connect to allow using NestJS 11
- Patch code to work with new packages
@trslater
Fix tests
b029d95
@trslater trslater marked this pull request as ready for review February 4, 2026 22:33
PaulGreywal
PaulGreywal reviewed Feb 5, 2026
View reviewed changes
services/package.json Outdated
"handlebars": "^4.7.8",
"keycloak-connect": "^24.0.2",
"nest-keycloak-connect": "^1.10.0",
"nest-keycloak-connect": "^2.0.0-alpha.2",
Copy link
Contributor

@PaulGreywal PaulGreywal Feb 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can possibly remove the "^" here if we are moving to a stable version in the future (this may update to an even more unstable version in the future).

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 5, 2026

Quality Gate Passed Quality Gate passed for 'bcgov-alcs-portal-frontend'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 5, 2026

Quality Gate Failed Quality Gate failed for 'bcgov-alcs-services'

Failed conditions
20.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 5, 2026

Quality Gate Passed Quality Gate passed for 'bcgov-alcs-frontend'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@trslater trslater merged commit 4b1e4e6 into develop Feb 5, 2026
14 of 15 checks passed
@trslater trslater deleted the 2649-check-for-and-fix-high-severity-issues-before-test-cut-2 branch February 5, 2026 17:08
@trslater trslater linked an issue Feb 5, 2026 that may be closed by this pull request
Check for and fix high severity issues before test cut #2649
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PaulGreywal PaulGreywal PaulGreywal approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Check for and fix high severity issues before test cut

2 participants

@trslater @PaulGreywal