Chore/dep patch #968

Merged
merged 26 commits into from
Feb 11, 2022

Collaborator

@mfshao mfshao commented Jan 31, 2022

Jira Ticket: FRC-35

deployed in https://mingfei.planx-pla.net/

Update dependencies to patch FedRAMP vulnerabilities

Dependency updates

  • Upgrade tar to version 6.1.9, 5.0.10, 4.4.18 or higher.
  • Upgrade prismjs to version 1.21.0 or higher.
  • Upgrade trim-newlines to version 3.0.1, 4.0.1 or higher.
  • Upgrade object-path to version 0.11.8 or higher.
  • Upgrade zrender to version 5.2.1 or higher.
  • Upgrade ansi-regex to version 6.0.1, 5.0.1 or higher.
  • Upgrade css-what to version 5.0.1 or higher.
  • Upgrade nth-check to version 2.0.1 or higher.
  • Upgrade path-parse to version 1.0.7 or higher.
  • Upgrade tmpl to version 1.0.5 or higher.
  • Upgrade xss to version 1.0.10 or higher.
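
A lockfile check for the version floors listed in the description above, as an added example that is not part of the pull request or the project's code: it walks the `packages` map of an npm lockfile (version 2 or 3) and reports every copy, nested transitive ones included, that sits below the floor for its major line. The sample lockfile, the names `isPatched` and `findUnpatched`, and the rule applied to majors the list does not name are assumptions made here.

```javascript
// Patched floors copied from the PR description, one per release line (major).
const FLOORS = new Map(Object.entries({
  'tar': ['6.1.9', '5.0.10', '4.4.18'], 'prismjs': ['1.21.0'],
  'trim-newlines': ['3.0.1', '4.0.1'], 'object-path': ['0.11.8'],
  'zrender': ['5.2.1'], 'ansi-regex': ['6.0.1', '5.0.1'],
  'css-what': ['5.0.1'], 'nth-check': ['2.0.1'],
  'path-parse': ['1.0.7'], 'tmpl': ['1.0.5'], 'xss': ['1.0.10'],
}));

// "1.2.3-beta.1" -> [1, 2, 3]; prerelease and build tags are ignored.
const parse = (v) => [0, 1, 2].map((i) => Number(v.split(/[-+]/)[0].split('.')[i]) || 0);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function isPatched(name, version) {
  const floors = (FLOORS.get(name) || []).map(parse);
  if (floors.length === 0) return true; // package is not on the list
  const v = parse(version);
  const sameLine = floors.find((f) => f[0] === v[0]);
  if (sameLine) return cmp(v, sameLine) >= 0;
  // Assumption: with no fix listed for this major, only a major newer than
  // every listed one counts as "or higher".
  return floors.every((f) => v[0] > f[0]);
}

// Walk the lockfile v2/v3 "packages" map so nested copies are checked too.
function findUnpatched(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop(); // '' for the root entry
    if (name && meta.version && !isPatched(name, meta.version)) {
      hits.push(`${path}@${meta.version}`);
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from the project).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/tar': { version: '6.1.11' },
    'node_modules/node-gyp/node_modules/tar': { version: '4.4.13' },
    'node_modules/ansi-regex': { version: '5.0.1' },
    'node_modules/strip-ansi/node_modules/ansi-regex': { version: '4.1.0' },
    'node_modules/xss': { version: '1.0.10' },
  },
};
console.log(findUnpatched(SAMPLE_LOCK));
```

In the sample the top-level `tar` and `ansi-regex` are already at patched versions, and only the nested copies are reported, which is the case a top-level upgrade alone misses.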

@mfshao mfshao marked this pull request as ready for review February 9, 2022 20:30
Contributor

@paulineribeyre paulineribeyre left a comment

lgtm, just need to update gen3-ui-component and guppy

webpack.config.js (resolved)
@@ -27,8 +27,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& npm install -g npm@7 \
&& npm config set maxsockets 5
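
Review bot: `npm install -g npm@7` in this RUN chain pins only the major version, so every image rebuild can pick up a different npm 7.x release. The hunk header shows the chain shrinking by one line (8 to 7); if that removal relies on a fix shipped in a particular npm release, pin that exact release here instead of the floating `npm@7` and leave a short comment in the file naming the reason, so a later rebuild or downgrade does not silently bring the old behaviour back.
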
Contributor

curious why we don't need this anymore?

Collaborator Author

this issue has been addressed in a newer version of npm npm/cli#2977 (comment)
