Upgrade react + related deps; upgrade react-styleguidist #394

Open
wants to merge 1 commit into
base: master

@wfro wfro commented Jan 13, 2020

Part 2 of 2 of resolving the CVE here: https://github.com/instacart/snacks/network/alert/yarn.lock/serialize-javascript/open

  • Upgrades react/react-dom from 16.4.2 => 16.12.0
    • Also upgrades any deps that rely on certain versions of
      react like enzyme/react-test-renderer
  • Upgrades react-styleguidist from 9 => 10. This was the original
    target package to upgrade since it had the outdated
    serialize-javascript dependency

codecov bot commented Jan 13, 2020

Codecov Report

Merging #394 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #394   +/-   ##
=======================================
  Coverage   83.84%   83.84%           
=======================================
  Files          62       62           
  Lines        1300     1300           
  Branches      230      230           
=======================================
  Hits         1090     1090           
  Misses        159      159           
  Partials       51       51

stefceror previously approved these changes Jan 13, 2020

@stefceror stefceror left a comment

👍

"react-dom": "16.4.2",
"react-styleguidist": "9.0.9",
"react-test-renderer": "16.4.2",
"react": "^16.12.0",
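
Review bot: The `"react": "^16.12.0"` line at the end of this hunk uses a caret range, while the other entries visible here are exact versions ("16.4.2", "9.0.9"). Since this upgrade is being made to clear a security alert, consider pinning react to an exact version like the neighbouring entries, or confirm that the committed yarn.lock is what fixes the resolved version, so a later install does not silently pick up a different 16.x release.
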
Member

we should prob make sure this is a minor version change, as react updating is not insignificant (bundle sizes and all)

Contributor Author

good idea 👍 , I think this would actually somehow be the first non-patch release.

NinjaBanjo previously approved these changes Jan 13, 2020

* Upgrades react/react-dom from 16.4.2 => 16.12.0.
  * Also upgrades any deps that rely on certain versions of
    react like enzyme/react-test-renderer
* Upgrades react-styleguidist from 9 => 10. This was the original
  target package to upgrade since it had the outdated
  serialize-javascript dependency
* Sets an explicit version of node in package.json
* Updates circleci config to use node 10 (required by the newer
  version of react-styleguidist)

wfro commented Jan 14, 2020

Had to rebase due to lockfile conflicts.
