Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update lots of dependencies #885

Merged
merged 16 commits into from
Aug 9, 2023
Merged

Update lots of dependencies #885

merged 16 commits into from
Aug 9, 2023

Conversation

andersju
Copy link
Member

Checklist:

  • I have run the unit tests. yarn test:unit
  • I have run the linter. yarn lint

Tickets involved

LXL-4135

Before:

~/l/l/vue-client (develop=) yarn audit
...
159 vulnerabilities found - Packages audited: 1912
Severity: 42 Low | 79 Moderate | 34 High | 4 Critical

~/l/l/nuxt-app (develop *=) yarn audit
...
192 vulnerabilities found - Packages audited: 1600
Severity: 58 Moderate | 111 High | 23 Critical

After:

~ /l/l/vue-client (feature/lxl-4135-update-deps $=) yarn audit
...
1 vulnerabilities found - Packages audited: 1331
Severity: 1 Moderate

~/l/l/nuxt-app (feature/lxl-4135-update-deps +*$=) yarn audit
...
 vulnerabilities found - Packages audited: 1517
Severity: 2 High

The one in vue-client:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ tough-cookie Prototype Pollution vulnerability               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tough-cookie                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.1.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ client-oauth2                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ client-oauth2 > popsicle > popsicle-cookie-jar >             │
│               │ tough-cookie                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1092470                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

client-oauth2 hasn't had a new release in about three years. Should probably look at replacing it at some point.

The one in nuxt-app:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ glob-parent before 5.1.2 vulnerable to Regular Expression    │
│               │ Denial of Service in enclosure regex                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nuxt                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nuxt > @nuxt/webpack > webpack > watchpack >                 │
│               │ watchpack-chokidar2 > chokidar > glob-parent                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1091181                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

It's safe to ignore (nuxt/nuxt#9284).

Also got rid of a bunch of warnings about unmet/incorrect dependencies (made explicit some previously only implicit stuff).

Removed modernizr because it seemed like we hadn't used it in a long time.

@andersju
Bump kungbib-styles to 2.1.0 and update lockfile
e541972
@andersju
Add Bootstrap _maps to nuxt config to fix webpack build
f33e50e
@andersju
Bump nuxt to 2.16.3
0367c03
@andersju
vue-client: upgrade to Webpack 5; fix lint issues
f4a18f2
@andersju
Remove superfluous imports
4cc231d
@andersju
Update yarn.lock
40974e3
@andersju
Polyfills for es6.promise and es6.symbol not necessary anymore?
2be6f57
@andersju
Add core-js, bump vue-cli, add fallback modules, adapt options for We…
6bfe1f9 
…bpack 5
@andersju
Bump marked, adapt import
63ab644
@andersju
Bump bootstrap
7844305
@andersju
Add no-longer-needed babel.config.js; lint
427fb28
@andersju
Make unit tests work again
9b358a7
@andersju
More dependency juggling; remove modernizr because it seems like we h…
e35a64f 
…aven't used it for a long time
@andersju
Bump less-loader; remove more modernizr leftovers
21e62bc
@andersju
nuxt-app: bump jest stuff
40c9356
@andersju
Bump nuxt to 2.17.1
9f873b7
@olovy
Copy link
Contributor

olovy commented Aug 8, 2023

🚧 👷 LGTM!

@andersju andersju merged commit fb88991 into develop Aug 9, 2023
@andersju andersju deleted the feature/lxl-4135-update-deps branch August 9, 2023 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olovy olovy olovy approved these changes

@didair didair Awaiting requested review from didair

@johanbissemattsson johanbissemattsson Awaiting requested review from johanbissemattsson

@lrosenstrom lrosenstrom Awaiting requested review from lrosenstrom

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@andersju @olovy