Upgrade for security advisories #4231
| @@ -9634,13 +9639,12 @@ postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0: | |||
| integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== | |||
|
|
|||
| postcss@^7.0.17: | |||
The v7 version comes from stylelint-config-idiomatic-order. Maybe we should import this package into our tree directly and depend on stylelint-order instead, so that we can upgrade that one more easily?
Yeah, it should be possible to do so.
| integrity sha1-DY6UaWej2BQ/k+JOKYUl/BsiNfk= | ||
| integrity sha512-sGwIGMjhYdW26/IhwK2gkWWI8DRCVO6uj3hYgHT+zD+QL1pa37tM3ujhyfcJIYSbsxp7Gxhy7zrRW/1AHm4BmA== | ||
|
|
||
| ansi-regex@^4.1.0: |
ansi regex v4 comes from both flow-coverage-report and alex.
| @@ -11658,9 +11655,9 @@ thenify-all@^1.0.0: | |||
| thenify ">= 3.1.0 < 4" | |||
|
|
|||
| "thenify@>= 3.1.0 < 4": | |||
thenify transitively comes from local-web-server
| version "0.2.1" | ||
| resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-0.2.1.tgz#0d8e946967a3d8143f93e24e298525fc1b2235f9" | ||
| integrity sha1-DY6UaWej2BQ/k+JOKYUl/BsiNfk= | ||
| integrity sha512-sGwIGMjhYdW26/IhwK2gkWWI8DRCVO6uj3hYgHT+zD+QL1pa37tM3ujhyfcJIYSbsxp7Gxhy7zrRW/1AHm4BmA== |
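Review bot: the `ansi-regex` 0.2.1 entry keeps the same `version` and `resolved` URL but shows both a `sha1-` and a `sha512-` integrity line, and a changed hash on an unchanged tarball deserves an independent check. The sha1 value corresponds to the fragment in the `resolved` URL, but the sha512 value cannot be confirmed from the hunk alone; please compare it with the output of `npm view ansi-regex@0.2.1 dist.integrity` and note the result in the PR.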
This change comes from the fact that I deleted all ansi-regex entries before running yarn, and so this regenerated this sha differently after install.
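The integrity change described in the comment above can be checked mechanically across a whole lockfile. The following is an added example, not code from this pull request or the project: it flags yarn.lock v1 entries that have no SHA-256/384/512 integrity and entries whose SHA-1 integrity disagrees with the `resolved` URL fragment. The entry key `ansi-regex@^0.2.1` and the helper names are assumptions; the version, URL and hashes are the ones visible in the diff.

```javascript
// Added example (not project code): audit yarn.lock v1 integrity fields offline.
// The ansi-regex version, URL and hashes are the ones shown in the diff on this
// page; the entry key "ansi-regex@^0.2.1" is an assumed selector.
const TARBALL = "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-0.2.1.tgz";
const FRAGMENT = "0d8e946967a3d8143f93e24e298525fc1b2235f9";
const SHA1 = "sha1-DY6UaWej2BQ/k+JOKYUl/BsiNfk=";
const SHA512 =
  "sha512-sGwIGMjhYdW26/IhwK2gkWWI8DRCVO6uj3hYgHT+zD+QL1pa37tM3ujhyfcJIYSbsxp7Gxhy7zrRW/1AHm4BmA==";

// Build a constructed single-entry lockfile for the checks below.
const lockEntry = (integrity, fragment = FRAGMENT) =>
  `ansi-regex@^0.2.1:\n  version "0.2.1"\n` +
  `  resolved "${TARBALL}#${fragment}"\n  integrity ${integrity}\n`;

// Minimal yarn.lock v1 reader: top-level "key:" lines open an entry,
// two-space-indented `name value` lines are its scalar fields.
function parseLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split("\n")) {
    if (/^[^\s#].*:$/.test(line)) {
      cur = { key: line.slice(0, -1), fields: {} };
      entries.push(cur);
    } else if (cur) {
      const m = line.match(/^ {2}(\w+) "?([^"]*)"?$/);
      if (m) cur.fields[m[1]] = m[2];
    }
  }
  return entries;
}

// Report entries with no SHA-256/384/512 integrity, and entries whose SHA-1
// integrity disagrees with the hex SHA-1 in the resolved URL fragment.
function auditIntegrity(text) {
  const findings = [];
  for (const { key, fields } of parseLock(text)) {
    const hashes = (fields.integrity || "").split(/\s+/).filter(Boolean);
    const fragment = (fields.resolved || "").split("#")[1] || "";
    const sha1 = hashes.find((h) => h.startsWith("sha1-"));
    if (sha1 && fragment) {
      const hex = Buffer.from(sha1.slice(5), "base64").toString("hex");
      if (hex !== fragment.toLowerCase()) findings.push({ key, issue: "sha1-mismatch" });
    }
    if (!hashes.some((h) => /^sha(256|384|512)-/.test(h))) {
      findings.push({ key, issue: "no-strong-hash" });
    }
  }
  return findings;
}

console.log(auditIntegrity(lockEntry(SHA1)), auditIntegrity(lockEntry(SHA512)));
```

The check is purely a consistency test on the lockfile text; confirming that a sha512 value matches the published tarball still requires the registry metadata or the tarball itself.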
Codecov Report
Base: 88.51% // Head: 88.51% // No change to project coverage 👍
@@ Coverage Diff @@
## main #4231 +/- ##
=======================================
Coverage 88.51% 88.51%
=======================================
Files 282 282
Lines 24758 24758
Branches 6613 6613
=======================================
Hits 21914 21914
Misses 2642 2642
Partials 202 202
canova
left a comment
LGTM!
It looks like they are indeed not serious but good to resolve them. Thanks!
thanks!
This upgrades a few of our transitive dependencies.
Then we still have 2 advisories: one for flow-coverage-report, and one coming from alex. Both are not directly tied to the product code so I'm not concerned, even if it would be good to upgrade them eventually too.