This repository was archived by the owner on Nov 6, 2025. It is now read-only.

Npm audit / Node version update#1308

Merged
kfoley-18F merged 4 commits into main from npm-audit
Jul 22, 2021

@matthinz
Contributor

This PR:

  • Updates the version of Node.js used to run sass in development to 14.17.3 (latest LTS)
  • Applies npm audit fix to update dependencies with vulnerabilities in a semver-compatible way
  • Applies npm audit fix --force to update dependencies with vulnerabilities in a potentially non-semver compatible way
  • Adds node-notifier as a dev dependency (this was previously directly depended on by Jest, but newer Jest versions only require it if you are using notify: true in your jest.config.js [which we are]).

This is what npm audit looks like now:

$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 658 scanned packages

This should close #1298

I'd like to rebase #1297 on main after this lands and proceed with eliminating node-sass entirely.

matthinz added 4 commits July 22, 2021 12:51
Upgrade from Node 8 to Node 14 for sass compiling docker container.
Update / patch dependencies in a semver-compatible way.
Apply non-semver compatible dependency updates to mitigate vulnerabilities (additional work may be required to verify we haven't broken anything).
Versions of Jest prior to 25.1.0 depended on this directly. Starting with 25.1.0 it became an optional dependency. If your jest config specifies `notify: true` and `node-notifier` is _not_ present, Jest will throw an error.
@matthinz matthinz requested a review from kfoley-18F July 22, 2021 20:16
@matthinz matthinz self-assigned this Jul 22, 2021
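
As an added example (not part of this PR or the project's code), the code below sorts dependency changes between two package.json snapshots into semver-compatible and potentially breaking updates, which is the split between `npm audit fix` and `npm audit fix --force` in the PR description, and checks the Jest `notify: true` / `node-notifier` condition from the last commit message. The `BEFORE`/`AFTER` versions and all function names are constructed for illustration.

```javascript
// Added example. BEFORE/AFTER are constructed package.json fragments,
// not this repository's real dependency versions.
const BEFORE = { devDependencies: { jest: "^24.9.0", "node-sass": "^4.12.0" } };
const AFTER = {
  devDependencies: { jest: "^26.6.3", "node-sass": "^4.14.1", "node-notifier": "^8.0.2" },
};

// Leading major version of a simple range ("^24.9.0", "~1.2.3", "14").
// Returns null for anything this check cannot read (tags, URLs, "*").
function majorOf(range) {
  const m = /^[\^~>=<v\s]*(\d+)(?:\.|$)/.exec(String(range));
  return m ? Number(m[1]) : null;
}

function allDeps(pkg) {
  return { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
}

// Sort every changed dependency into a review bucket.
function classifyChanges(before, after) {
  const oldDeps = allDeps(before);
  const newDeps = allDeps(after);
  const out = { breaking: [], compatible: [], added: [], unknown: [] };
  for (const [name, range] of Object.entries(newDeps)) {
    if (!(name in oldDeps)) { out.added.push(name); continue; }
    if (oldDeps[name] === range) continue;
    const a = majorOf(oldDeps[name]);
    const b = majorOf(range);
    if (a === null || b === null) out.unknown.push(name);
    // A major bump is semver-breaking; 0.x is flagged too, since caret
    // ranges treat 0.x minor bumps as breaking.
    else if (a !== b || b === 0) out.breaking.push(name);
    else out.compatible.push(name);
  }
  return out;
}

// Per the commit message: from 25.1.0 Jest no longer depends on node-notifier
// directly, so `notify: true` requires it as an explicit dependency.
// Range-based approximation: any declared Jest major >= 25 is treated as affected.
function jestNotifierMissing(pkg, jestConfig) {
  const deps = allDeps(pkg);
  const jestMajor = majorOf(deps.jest);
  return Boolean(jestConfig.notify) && jestMajor !== null && jestMajor >= 25
    && !("node-notifier" in deps);
}

console.log(classifyChanges(BEFORE, AFTER), jestNotifierMissing(AFTER, { notify: true }));
```

Entries in the `breaking` and `unknown` buckets are the ones to verify by hand after a forced update.
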
@codecov-commenter

codecov-commenter commented Jul 22, 2021

Codecov Report

Merging #1308 (7caeef2) into main (acb4467) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1308   +/-   ##
=======================================
  Coverage   88.56%   88.56%           
=======================================
  Files          51       51           
  Lines        2204     2204           
=======================================
  Hits         1952     1952           
  Misses        252      252           


@kfoley-18F
Contributor

Thanks @matthinz !!
That's a LOT of dependency updates!

@kfoley-18F kfoley-18F merged commit 95fbce6 into main Jul 22, 2021
@kfoley-18F kfoley-18F deleted the npm-audit branch July 22, 2021 20:40