chore(deps): Upgrade Reactist to v23.1.0 #59

Merged
merged 1 commit into from
Jan 31, 2024

gnapse (Contributor) commented Jan 31, 2024

No description provided.

gnapse (Contributor, Author) commented Jan 31, 2024

@pawelgrimm, @scottlovegrove what would you recommend we do about the failed check due to npm audit having found a vulnerability with a dependency: @babel/traverse?

I ran npm ls @babel/traverse, and got quite a few direct dependencies through which we get this vulnerable package indirectly:

❯ npm ls @babel/traverse
root@ /Users/ernesto/code/doist/ui-extensions
├─┬ @doist/ui-extensions-react@12.0.0 -> ./packages/ui-extensions-react
│ ├─┬ @storybook/addon-essentials@6.5.5
│ │ ├─┬ @storybook/addon-docs@6.5.5
│ │ │ └─┬ @storybook/mdx1-csf@0.0.1
│ │ │   └─┬ @mdx-js/mdx@1.6.22
│ │ │     ├─┬ @babel/core@7.12.9
│ │ │     │ └── @babel/traverse@7.23.9 deduped
│ │ │     └─┬ remark-mdx@1.6.22
│ │ │       └─┬ @babel/core@7.12.9
│ │ │         └── @babel/traverse@7.23.9 deduped
│ │ └─┬ @storybook/core-common@6.5.5
│ │   ├─┬ @babel/plugin-proposal-decorators@7.18.2
│ │   │ └─┬ @babel/helper-replace-supers@7.19.1
│ │   │   └── @babel/traverse@7.23.9 deduped
│ │   └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │     └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │       └── @babel/traverse@7.23.9 deduped
│ ├─┬ @storybook/react@6.5.16
│ │ ├─┬ @storybook/core-common@6.5.16
│ │ │ └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │ │   └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │ │     └── @babel/traverse@7.23.9 deduped
│ │ ├─┬ @storybook/core@6.5.16
│ │ │ └─┬ @storybook/core-server@6.5.16
│ │ │   ├─┬ @storybook/builder-webpack4@6.5.16
│ │ │   │ └─┬ @storybook/core-common@6.5.16
│ │ │   │   └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │ │   │     └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │ │   │       └── @babel/traverse@7.23.9 deduped
│ │ │   ├─┬ @storybook/core-common@6.5.16
│ │ │   │ └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │ │   │   └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │ │   │     └── @babel/traverse@7.23.9 deduped
│ │ │   ├─┬ @storybook/csf-tools@6.5.16
│ │ │   │ └── @babel/traverse@7.23.9 deduped
│ │ │   ├─┬ @storybook/manager-webpack4@6.5.16
│ │ │   │ └─┬ @storybook/core-common@6.5.16
│ │ │   │   └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │ │   │     └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │ │   │       └── @babel/traverse@7.23.9 deduped
│ │ │   └─┬ @storybook/telemetry@6.5.16
│ │ │     └─┬ @storybook/core-common@6.5.16
│ │ │       └─┬ babel-plugin-polyfill-corejs3@0.1.7
│ │ │         └─┬ @babel/helper-define-polyfill-provider@0.1.5
│ │ │           └── @babel/traverse@7.23.9 deduped
│ │ └─┬ babel-plugin-react-docgen@4.2.1
│ │   └─┬ react-docgen@5.4.0
│ │     └─┬ estree-to-babel@3.2.1
│ │       └── @babel/traverse@7.23.9 deduped
│ └─┬ @svgr/rollup@6.5.1
│   └─┬ @babel/preset-env@7.20.2
│     └─┬ @babel/plugin-proposal-async-generator-functions@7.20.1
│       └─┬ @babel/helper-remap-async-to-generator@7.18.9
│         └─┬ @babel/helper-wrap-function@7.19.0
│           └── @babel/traverse@7.23.9 deduped
├─┬ jest@27.5.1
│ └─┬ @jest/core@27.5.1
│   └─┬ jest-snapshot@27.5.1
│     └── @babel/traverse@7.23.9 deduped
└─┬ ts-jest@27.1.5
  └─┬ @babel/core@7.20.2
    ├─┬ @babel/helper-module-transforms@7.20.2
    │ └── @babel/traverse@7.23.9 deduped
    ├─┬ @babel/helpers@7.20.1
    │ └── @babel/traverse@7.23.9 deduped
    └── @babel/traverse@7.23.9

Do we need to update them all?

scottlovegrove (Contributor) commented

@gnapse Rebase on main please. I've run audit fixes, plus I noticed our audit check wasn't set to production only (all our other extension repos are set to this).
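
Added example, not part of the thread or the project's code: a lockfile check that tells whether a flagged package is installed only through devDependencies, which is the distinction a production-only audit (for example `npm audit --omit=dev`) relies on. The lockfile excerpt, its `dev` flags, the `react` entry and the function names are constructed assumptions; only the versions of `@babel/traverse` and `jest` come from the `npm ls` output above.

```javascript
// Constructed excerpt of a package-lock.json "packages" map (lockfileVersion 2/3).
// npm sets "dev": true on entries that exist only in the devDependencies tree.
// The dev flags and the "react" entry are constructed for this example.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "root" },
    "node_modules/@babel/traverse": { version: "7.23.9", dev: true },
    "node_modules/jest": { version: "27.5.1", dev: true },
    "node_modules/react": { version: "0.0.0-constructed" },
  },
};

// Return every installed copy of `name`, including nested node_modules copies.
function findInstalls(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      // Only an explicit dev: true marks a copy as dev-only; anything else is
      // treated here as reachable from a production install.
      scope: meta.dev === true ? "dev" : "prod",
    }));
}

// Returns "absent", "dev-only" or "production". "production" is the case a
// production-only audit would still flag.
function auditScope(lock, name) {
  const installs = findInstalls(lock, name);
  if (installs.length === 0) return "absent";
  return installs.every((i) => i.scope === "dev") ? "dev-only" : "production";
}

console.log(
  auditScope(sampleLock, "@babel/traverse"),
  findInstalls(sampleLock, "@babel/traverse")
);
```

A single nested copy without `dev: true` is enough to move the result from "dev-only" to "production", so the check looks at every installed copy rather than only the hoisted one.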

@gnapse gnapse merged commit 20b6cae into main Jan 31, 2024
3 checks passed
@gnapse gnapse deleted the ernesto/upgrade-reactist branch January 31, 2024 15:41