ATL-589 fix security vulnerabilities by psantos9 · Pull Request #123 · leanix/leanix-reporting-cli

psantos9 · 2025-09-18T15:53:09Z

This PR aims at fixing the security vulnerabilities, for the current release (v1.0.0-beta.27) reported by npm audit command.
Moreover, during the functional testing of the cli after the dependency updates, two bugs were found on the project that may prevent the users to develop custom reports locally and upload them to the workspace.
More details can be found on the corresponding sub-tasks ATL-590 and ATL-591, including the steps to reproduce.

A successful completion of ATL-589 requires the following conditions:

The npm audit command reports 0 vulnerabilities
The broken local development server workflow is fixed (ATL-590)
The broken upload workflow if fixed (ATL-591)
The @leanix/reporting-cli v1.0.0-beta.28 package is published on npm

… method

…ibutes

…to build the url

package.json

FlorianTopf

Branch is not in sync with main.

src/helpers.ts

psantos9 added 10 commits September 18, 2025 12:12

ATL-589 Update vulnerable dependencies and add zod package

a45b71b

ATL-589 Remove workspace from lxrConfig

944798e

ATL-589 Add validation schemas and types for JwtClaims, and a parsing…

0dec230

… method

ATL-589 Remove workspace question from questionaire

1533ef5

ATL-589 Remove references to workspace name from templates

6d9d5c9

ATL-589 Add type inference to package.json object

9e78cd9

ATL-589 Update the startLocalServer method to consume jwtClaims atttr…

1f27270

…ibutes

ATL-589 Update the upload method to consume the JwtClaims attributes …

fe3386d

…to build the url

ATL-589 Update the CLI definition

b1b2b44

ATL-589 Bump version to v1.0.0-beta.28

99279e9

psantos9 requested a review from a team as a code owner September 18, 2025 15:53

psantos9 requested review from CharariLeanIX, FlorianTopf, alexander-sap, dbogolyubov and reshailleanix and removed request for a team September 18, 2025 15:53

FlorianTopf requested changes Sep 19, 2025

View reviewed changes

package.json Outdated Show resolved Hide resolved

package.json Outdated Show resolved Hide resolved

FlorianTopf requested changes Sep 19, 2025

View reviewed changes

psantos9 added 2 commits September 19, 2025 15:59

ATL-589 Pin dependencies

6872d54

Merge branch 'main' into bugfix/atl-589-fix-security-vulnerabilities

757e14a

CharariLeanIX reviewed Sep 22, 2025

View reviewed changes

src/helpers.ts Show resolved Hide resolved

psantos9 added 2 commits September 22, 2025 12:44

ARL-589 Update jwt-decode dependency

a88a2b5

ATL-589 Update the getJwtClaims method

fee6cde

CharariLeanIX approved these changes Sep 22, 2025

View reviewed changes

psantos9 requested a review from FlorianTopf September 23, 2025 11:59

FlorianTopf approved these changes Sep 24, 2025

View reviewed changes

psantos9 merged commit 361f644 into main Sep 24, 2025
2 checks passed

psantos9 deleted the bugfix/atl-589-fix-security-vulnerabilities branch September 24, 2025 12:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ATL-589 fix security vulnerabilities#123

ATL-589 fix security vulnerabilities#123
psantos9 merged 14 commits intomainfrom
bugfix/atl-589-fix-security-vulnerabilities

psantos9 commented Sep 18, 2025 •

edited by atlassian bot

Loading

Uh oh!

Uh oh!

Uh oh!

FlorianTopf left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

Conversation

psantos9 commented Sep 18, 2025 • edited by atlassian bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

FlorianTopf left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

psantos9 commented Sep 18, 2025 •

edited by atlassian bot

Loading