-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies with old dependencies #250
Conversation
This was a major upgrade for the react-router-dom package and required some pretty fundamental changes to the way our routing and redirects work. For the react-scripts, we just needed to add an additional eslint config package to the package.json
fa8c0f0
to
96542db
Compare
There are a ton of eslint packages in our `package-lock.json` that we don't directly use and there are updates to several of them as well. This updates them to the newest cohesive set (we can't move to eslint 8 yet) possible.
A few packages were downgraded and should not have been. This puts them back to the newest compatible version
This PR also applies the same versions from (or removes the need for):
As well as several other packages. By updating |
@@ -24,7 +24,7 @@ import { | |||
} from "@EasyDynamics/oscal-react-library"; | |||
import logo from "./images/logo-header.svg"; | |||
|
|||
const theme = createMuiTheme({ | |||
const theme = createTheme({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If anyone is wondering why this was changed when reviewing: Material UI Migration from V4 to V5
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah exactly. This wasn't necessarily required but it was a noisy warning (and has been for awhile) and hopefully it'll be one less thing to handle in #244
This updates a few React-related packages that themselves have a bunch of outdated packages as dependencies. An
npm install
after these changes shows 74 vulnerabilities (59 moderate, 15 high). Before these changes, it is 130 vulnerabilities (107 moderate, 21 high, 2 critical). It's not a massive improvement on the high/critical side but I think it unblocks a few more potential updates