Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update auth0-js + node-fetch #1996

Merged
merged 4 commits into from
Jun 4, 2021
Merged

Update auth0-js + node-fetch #1996

merged 4 commits into from
Jun 4, 2021

Conversation

stevehobbsdev
Copy link
Contributor

@stevehobbsdev stevehobbsdev commented May 25, 2021
edited
Loading

Changes

This PR performs 2 dependency updates:

  • Forcing node-fetch to resolve a vulnerability in the version used by React
    React > fbjs > isomorphic-fetch > node-fetch (link)
  • Update auth0-js to v9.16.2 (latest)

References

Testing

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of the platform/language

Checklist

@stevehobbsdev stevehobbsdev requested a review from a team as a code owner May 25, 2021 13:58
@stevehobbsdev stevehobbsdev added this to the vNext milestone May 25, 2021
davidpatrick
davidpatrick previously approved these changes May 25, 2021
View reviewed changes
@stevehobbsdev
Copy link
Contributor Author

The build is failing due to a transitive dependency (I think from Auth0.js) spewing ES6 into the compiled output, which then fails when UglifyJS tries to minify it (it can't handle ES6 syntax). Still investigating..

@stevehobbsdev stevehobbsdev dismissed stale reviews from ghost and davidpatrick via 9d780ed June 1, 2021 13:42
@stevehobbsdev
Copy link
Contributor Author

I've updated auth0-js again to fix the build. This latest version reverts the update to crypto-js which doesn't work with Lock thanks to it dropping polyfill support for the Crypto API.

@stevehobbsdev stevehobbsdev requested review from davidpatrick and a team June 1, 2021 13:43
@stevehobbsdev stevehobbsdev dismissed a stale review via 836d5e8 June 2, 2021 09:27
@stevehobbsdev stevehobbsdev merged commit 5af0d6e into master Jun 4, 2021
@stevehobbsdev stevehobbsdev deleted the dependencies branch June 4, 2021 09:44
@stevehobbsdev stevehobbsdev mentioned this pull request Jun 4, 2021
Merged
This was referenced Jun 6, 2021
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frederikprijck frederikprijck frederikprijck approved these changes

@davidpatrick davidpatrick Awaiting requested review from davidpatrick

Assignees
No one assigned
Labels
review:tiny Tiny review
Projects
None yet
Milestone
v11.30.1
Development

Successfully merging this pull request may close these issues.
3 participants
@stevehobbsdev @davidpatrick @frederikprijck