
update dependencies #55

Merged: 3 commits merged into master from fix-dependabot-alerts, Sep 1, 2020

Conversation

jfrerich
Contributor

Summary

In prep for the v0.1.0 release, we should fix these dependabot alerts.

(image: screenshot of the Dependabot alerts)

Ticket Link

n/a

@jfrerich jfrerich added the labels "2: Dev Review" (Requires review by a core committer) and "3: QA Review" (Requires review by a QA tester) Aug 25, 2020
@jfrerich jfrerich added this to the v0.1.0 milestone Aug 25, 2020
@jfrerich jfrerich requested review from iomodo and hanzei August 25, 2020 16:11
@jfrerich jfrerich added this to Submitted in Integrations Team via automation Aug 25, 2020
@jfrerich jfrerich self-assigned this Aug 25, 2020
@hanzei hanzei mentioned this pull request Aug 25, 2020
codecov bot commented Aug 25, 2020

Codecov Report

Merging #55 into master will increase coverage by 2.04%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master      #55      +/-   ##
==========================================
+ Coverage   26.23%   28.27%   +2.04%     
==========================================
  Files           6        6              
  Lines         343      343              
==========================================
+ Hits           90       97       +7     
+ Misses        235      229       -6     
+ Partials       18       17       -1     
Impacted Files      Coverage Δ
server/utils.go     95.12% <0.00%> (+17.07%) ⬆️

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 0f165d1...5489921.

@hanzei hanzei left a comment

Why is the diff so huge? If there are only two alerts to fix, why do all of these dependencies get updated?

@jfrerich
Contributor Author

@hanzei, package-lock.json changed considerably after running npm audit fix.

After running npm install on master, we see the following:
(image: npm audit output on master)

After running npm audit fix, the low severity packages were also updated.
(image: npm audit output after npm audit fix)

It looks like Dependabot only highlights medium and high severity issues, but running npm audit fix fixes the low severity dependencies also.

If we prefer only to fix the two dependabot notifications, I can rerun the following and reduce the total number of dependency updates:

  • npm install --save-dev serialize-javascript@3.1.0
  • npm install --save-dev minimist@0.2.1
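
The targeted approach jfrerich describes, as an added example that is not part of this PR or the project: filter `npm audit --json` output to the severities Dependabot surfaces (moderate and above) and derive the per-package install commands, rather than letting `npm audit fix` rewrite package-lock.json for every low severity advisory. The audit report below is constructed in the npm 6 JSON shape (`advisories` keyed by id, with `module_name`, `severity`, `patched_versions`, `findings[].dev`); the low severity package name is a placeholder, and the version parsing is a simplification that takes the first concrete version in `patched_versions`.

```javascript
// Constructed npm 6 style `npm audit --json` report (not real audit data).
// The two real advisories mirror the fixes proposed in the PR; the third is a
// placeholder low severity entry that `npm audit fix` would also touch.
const AUDIT_JSON = JSON.stringify({
  advisories: {
    "1548": { id: 1548, module_name: "serialize-javascript", severity: "high",
              vulnerable_versions: "<3.1.0", patched_versions: ">=3.1.0",
              findings: [{ version: "2.1.2", paths: ["terser-webpack-plugin>serialize-javascript"], dev: true }] },
    "1179": { id: 1179, module_name: "minimist", severity: "moderate",
              vulnerable_versions: "<0.2.1", patched_versions: ">=0.2.1",
              findings: [{ version: "0.0.8", paths: ["mkdirp>minimist"], dev: true }] },
    "9001": { id: 9001, module_name: "example-low-pkg", severity: "low",
              vulnerable_versions: "<1.0.1", patched_versions: ">=1.0.1",
              findings: [{ version: "1.0.0", paths: ["example-low-pkg"], dev: false }] },
  },
});

// npm severity levels in ascending order; Dependabot's "medium" is npm's "moderate".
const SEVERITY_RANK = { low: 1, moderate: 2, high: 3, critical: 4 };

// Return advisories at or above `minSeverity`, sorted by severity (highest first)
// then module name, each with the first patched version to install.
function selectAdvisories(auditJson, minSeverity = "moderate") {
  const report = JSON.parse(auditJson);
  const threshold = SEVERITY_RANK[minSeverity];
  const selected = [];
  for (const adv of Object.values(report.advisories || {})) {
    if ((SEVERITY_RANK[adv.severity] || 0) < threshold) continue;
    // Simplification: take the first concrete version in patched_versions
    // (e.g. ">=3.1.0"); compound semver ranges would need a proper semver parser.
    const m = /\d+\.\d+\.\d+/.exec(adv.patched_versions || "");
    if (!m) continue; // no patched release published, nothing to install yet
    // --save-dev only when every finding sits in the dev dependency tree.
    const dev = adv.findings.length > 0 && adv.findings.every((f) => f.dev === true);
    selected.push({ module: adv.module_name, severity: adv.severity, version: m[0], dev });
  }
  return selected.sort((a, b) =>
    SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.module.localeCompare(b.module));
}

// Build the targeted install commands for the selected advisories only.
function installCommands(auditJson, minSeverity = "moderate") {
  return selectAdvisories(auditJson, minSeverity).map(
    (a) => `npm install ${a.dev ? "--save-dev " : ""}${a.module}@${a.version}`);
}

console.log(installCommands(AUDIT_JSON).join("\n"));
```

Running it with the default threshold prints exactly the two commands listed above; lowering the threshold to "low" also includes the placeholder package, which is the extra churn `npm audit fix` produced.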

@hanzei
Contributor

hanzei commented Aug 28, 2020

I'm 1/5 to only fix the ones that Dependabot reports. We don't have a process for the other ones.

If there is an easy way to fix only these two, I would prefer it, but if there is none, I'm fine with using npm audit fix.

@jfrerich jfrerich requested a review from hanzei September 1, 2020 18:45
@hanzei hanzei left a comment

LGTM 👍

@hanzei hanzei removed the "2: Dev Review" (Requires review by a core committer) label Sep 1, 2020
@hanzei
Contributor

hanzei commented Sep 1, 2020

It might be fine to skip QA review here, as release testing is coming up soon after.

@jfrerich
Contributor Author

jfrerich commented Sep 1, 2020

agree! Merging!

@jfrerich jfrerich added the "4: Reviews Complete" (All reviewers have approved the pull request) label and removed the "3: QA Review" (Requires review by a QA tester) label Sep 1, 2020
@jfrerich jfrerich merged commit 63b0883 into master Sep 1, 2020
Integrations Team automation moved this from Submitted to Done Sep 1, 2020
@jfrerich jfrerich deleted the fix-dependabot-alerts branch September 1, 2020 18:47
@jwilander jwilander removed this from Done in Integrations Team Apr 26, 2024