Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes dependency vulnerabilities #1475

Merged
merged 2 commits into from
Oct 1, 2024
Merged

Fixes dependency vulnerabilities #1475

merged 2 commits into from
Oct 1, 2024

Conversation

duranb
Copy link
Collaborator

@duranb duranb commented Sep 25, 2024

No description provided.

@duranb duranb added the maintenance A dependency update label Sep 25, 2024
@duranb duranb requested a review from a team as a code owner September 25, 2024 16:54
dandelany
dandelany approved these changes Oct 1, 2024
View reviewed changes
Copy link
Collaborator

@dandelany dandelany left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@duranb your changes look good to me, but I added some additional commits that need a 👍 from you as well. details:

  • @duranb 's initial changes were meant to address the vulnerability warning you get when running npm install
  • I added a few more commits to get the security scan part of our Publish action working again, specifically:
    • upgraded Vite 5.4.6 -> 5.4.8 (didn't help but kept it)
    • upgraded our esbuild dep to ^0.24.1
    • forced Vite to use the same version of esbuild for its sub-dependency using overrides - this is what was causing the security scan error. In a future release they will update this on their side & we can remove the override.
    • Confirmed that this gets the security scan to pass

Lmk if you have any concerns... looks like Vite is upgrading shortly anyway but not released yet.

@duranb duranb merged commit 654c2e0 into develop Oct 1, 2024
5 checks passed
@duranb duranb deleted the refactor/update-deps branch October 1, 2024 20:16
JosephVolosin pushed a commit that referenced this pull request Oct 21, 2024
@duranb @dandelany
Fixes dependency vulnerabilities (#1475)
a84bf24 
* update vite, esbuild deps, override vite to use esbuild 0.24 due to security scan

---------

Co-authored-by: dandelany <dan.delany@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dandelany dandelany dandelany approved these changes

@AaronPlave AaronPlave Awaiting requested review from AaronPlave AaronPlave is a code owner automatically assigned from NASA-AMMOS/aerie-frontend

@joswig joswig Awaiting requested review from joswig joswig is a code owner automatically assigned from NASA-AMMOS/aerie-frontend

Assignees
No one assigned
Labels
maintenance A dependency update
Projects
Aerie
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@duranb @dandelany