Skip to content
This repository has been archived by the owner on Jul 14, 2022. It is now read-only.

ERA A+V upgrade to Avalon 6.5.0 - step 6 of 6: security updates #621

Merged
merged 11 commits into from May 13, 2020
Merged

ERA A+V upgrade to Avalon 6.5.0 - step 6 of 6: security updates #621

merged 11 commits into from May 13, 2020

Conversation

jefferya
Copy link

@jefferya jefferya commented Mar 31, 2020
edited

Step 6 of the ERA A+V Avalon update to 6.5.0. Meant to be combined with several other steps to produce a working ERA A+V

This step:

  • applies security updates
  • fixes some missing documentation

dependabot-preview bot and others added 3 commits March 30, 2020 16:26
@dependabot-preview @jefferya
[Security] Bump rack from 1.6.11 to 1.6.12 (ualbertalib#593)
d63b62b 
* [Security] Bump rack from 1.6.11 to 1.6.12

Bumps [rack](https://github.com/rack/rack) from 1.6.11 to 1.6.12. **This update includes a security fix.**
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
- [Commits](rack/rack@1.6.11...1.6.12)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* update changelog for PR ualbertalib#593

Co-authored-by: Jeffery Antoniuk <jefferya@ualberta.ca>
@jefferya
Apply security updates:
312f619 
* yarn audit used to identify
* package.json resolution added to avoid forking upstream:
    * see avalonmediasystem/avalon@e6e3c1a
* bump webpacker to 4.2.2
* bump rack to 2.0.9 (problems if a newer version used as the returned datastructure changes here: https://github.com/avalonmediasystem/avalon/blob/v6.5.0/app/controllers/auth_forms_controller.rb#L41)
* bump rack-cors 1.0.5
* bump nokogiri 1.10.9
@jefferya
Merge branch 'master' into update/avalon-6.5.0
c0aa2f8
@jefferya jefferya closed this Apr 1, 2020
@jefferya jefferya reopened this Apr 1, 2020
@jefferya jefferya changed the title [WIP] Merge tag 'v6.5.0' of upstream into local 'v6.4.3' [WIP] ERA A+V upgrade to Avalon 6.5.0 - step 6 of n - security updates Apr 1, 2020
@jefferya jefferya changed the title [WIP] ERA A+V upgrade to Avalon 6.5.0 - step 6 of n - security updates [WIP] ERA A+V upgrade to Avalon 6.5.0 - step 6 of 6 - security updates Apr 1, 2020
@jefferya jefferya changed the title [WIP] ERA A+V upgrade to Avalon 6.5.0 - step 6 of 6 - security updates ERA A+V upgrade to Avalon 6.5.0 - step 6 of 6: security updates May 12, 2020
@jefferya jefferya requested a review from mbarnett May 12, 2020 22:07
jefferya
jefferya commented May 12, 2020
View reviewed changes
package.json
Comment on lines +18 to +29
"resolutions": {
"axios": "^0.18.1",
"elliptic": "^6.5.2",
"fstream": "^1.0.12",
"js-yaml": "^3.13.1",
"lodash": "^4.17.15",
"lodash.template": "^4.5.0",
"lodash.mergewith": "^4.6.2",
"mixin-deep": "^1.3.2",
"mkdirp": "^0.5.4",
"serialize-javascript": "^2.1.1",
"set-value": "^2.0.1"
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package.json resolution section added building on upstream's usage
* see avalonmediasystem/avalon@e6e3c1a

@jefferya jefferya merged commit e567d1e into ualbertalib:master May 13, 2020
jefferya added a commit that referenced this pull request May 13, 2020
@jefferya
fixes incompatible json gem version after PR #621
e553cb1 
* update audio_waveform-ruby to 2.3
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mbarnett mbarnett mbarnett approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jefferya @mbarnett