
RDOIBT-1832: Upgrade dependencies to remove vulnerability in node-fetch package #38

Merged
merged 3 commits into from
Sep 15, 2023

Conversation

marianacapelo

@marianacapelo marianacapelo commented Sep 14, 2023

Upgrading dependencies

Upgrade the prop-types version to bump node-fetch to >= 2.6.7 (currently 2.7.0) to remove the vulnerability found by Snyk.

image

@os-lmo os-lmo left a comment

See my comments please

package.json Outdated
@@ -7,7 +7,7 @@
"dependencies": {
"classnames": "^2.2.5",
"memoize-one": "^5.0.0",
"prop-types": "^15.6.0",
"prop-types": "^15.6.2",
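Review bot: raising the floor of the caret range on the `"prop-types": "^15.6.2",` line does not change what gets installed on its own, because `^15.6.0` already admits 15.6.2 (and the 15.8.1 that a fresh install resolves to), so the node-fetch bump the title promises can only come from the regenerated lockfile, which this hunk does not show. Please include the package-lock.json (or yarn.lock) change in the PR and state in the description which transitive path pulled node-fetch in, so a reviewer can confirm with `npm ls node-fetch` that every resolved copy is >= 2.6.7 rather than taking the Snyk screenshot on trust.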

Besides, this change does not make sense because the prop-types version in package.json has a caret (it means that only the major number is locked). Hence, just doing an npm install, the prop-types version is upgraded to 15.8.1.

Author (marianacapelo)

Right, running npm install is enough. I am just explicitly updating it here since 15.6.0 and 15.6.1 still have the vulnerability, and it would seem a bit strange to me to keep it here, even with the caret.
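The two points in this exchange, that a caret range such as `^15.6.0` already admits 15.8.1 and that the real fix has to be checked in the lockfile, where every resolved copy of node-fetch must be >= 2.6.7, as an added example in JavaScript (this is not code from the PR or from the project): it implements npm's caret rule and walks a package-lock.json v2 `packages` map using npm's nested-then-upward lookup to find each dependency chain that reaches node-fetch. The lockfile objects, the package names `hypothetical-transitive` and `some-http-client`, and all versions in them are constructed for the illustration and are not the project's real tree.

```javascript
// Added example, not code from the PR or the project it belongs to.
// It shows (a) why moving a caret floor from ^15.6.0 to ^15.6.2 changes nothing
// on its own, since the caret already admits 15.8.1, and (b) how to check a
// package-lock.json so that every resolved copy of node-fetch is >= 2.6.7.
// The lockfiles below are CONSTRUCTED: "hypothetical-transitive",
// "some-http-client" and every version are assumptions, not the project's tree.

const FIXED_NODE_FETCH = "2.6.7";

// Parse "x.y.z" (a leading "v" is tolerated; pre-release tags are ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// npm caret semantics: ^X.Y.Z allows >=X.Y.Z <(X+1).0.0 when X >= 1; for a 0.Y.Z
// floor only the same minor is allowed, and for 0.0.Z only that exact patch.
function caretSatisfies(range, version) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges are handled: ${range}`);
  const floorStr = range.slice(1);
  const floor = parseVersion(floorStr), v = parseVersion(version);
  if (compareVersions(version, floorStr) < 0) return false;
  if (floor[0] > 0) return v[0] === floor[0];
  if (floor[1] > 0) return v[0] === 0 && v[1] === floor[1];
  return v[0] === 0 && v[1] === 0 && v[2] === floor[2];
}

// Which installed copy of `dep` does the package at `fromPath` get? npm looks in
// fromPath/node_modules/dep first and then walks up towards the root node_modules.
function resolveDependency(packages, fromPath, dep) {
  let base = fromPath; // "" is the root project in lockfile v2/v3
  for (;;) {
    const candidate = `${base ? base + "/" : ""}node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Walk the graph from the root and record every chain that reaches `target`,
// together with the version each chain actually resolves to.
function findDependencyPaths(lock, target) {
  const packages = lock.packages;
  const hits = [];
  const visit = (pkgPath, chain, seen) => {
    for (const dep of Object.keys(packages[pkgPath].dependencies || {})) {
      const resolved = resolveDependency(packages, pkgPath, dep);
      if (!resolved) continue; // e.g. an optional dependency that was skipped
      const next = chain.concat(`${dep}@${packages[resolved].version}`);
      if (dep === target) hits.push({ path: resolved, version: packages[resolved].version, chain: next });
      if (!seen.has(resolved)) visit(resolved, next, new Set(seen).add(resolved));
    }
  };
  visit("", [], new Set([""]));
  return hits;
}

// Every reachable node-fetch copy that is still below the fixed version.
function vulnerableNodeFetch(lock, fixedVersion = FIXED_NODE_FETCH) {
  return findDependencyPaths(lock, "node-fetch").filter((h) => compareVersions(h.version, fixedVersion) < 0);
}

// Constructed "before" lockfile: prop-types 15.6.1 drags in a nested, old node-fetch.
const LOCK_BEFORE = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "prop-types": "^15.6.0", "some-http-client": "^1.0.0" } },
    "node_modules/prop-types": { version: "15.6.1", dependencies: { "hypothetical-transitive": "^0.8.0" } },
    "node_modules/hypothetical-transitive": { version: "0.8.17", dependencies: { "node-fetch": "^2.6.0" } },
    "node_modules/hypothetical-transitive/node_modules/node-fetch": { version: "2.6.1" },
    "node_modules/some-http-client": { version: "1.0.0", dependencies: { "node-fetch": "^2.6.7" } },
    "node_modules/node-fetch": { version: "2.7.0" },
  },
};

// Constructed "after" lockfile: the package.json range is unchanged, but the
// lockfile was regenerated, prop-types resolved to 15.8.1 and the nested copy is gone.
const LOCK_AFTER = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "prop-types": "^15.6.0", "some-http-client": "^1.0.0" } },
    "node_modules/prop-types": { version: "15.8.1" },
    "node_modules/some-http-client": { version: "1.0.0", dependencies: { "node-fetch": "^2.6.7" } },
    "node_modules/node-fetch": { version: "2.7.0" },
  },
};

console.log("^15.6.0 admits 15.8.1:", caretSatisfies("^15.6.0", "15.8.1"));
for (const h of vulnerableNodeFetch(LOCK_BEFORE)) console.log("before:", h.chain.join(" > "), "at", h.path);
console.log("after, vulnerable copies:", vulnerableNodeFetch(LOCK_AFTER).length);
```

On a real checkout, replace the constructed objects with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and run the script in CI; a non-empty result from `vulnerableNodeFetch` means the caret edit landed without the lockfile regeneration that actually moves node-fetch.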

@marianacapelo marianacapelo changed the title RDOIBT-1832: Upgrade prop-types to remove vulnerability in node-fetch package RDOIBT-1832: Upgrade dependencies to remove vulnerability in node-fetch package Sep 15, 2023
@marianacapelo marianacapelo merged commit dabd062 into main Sep 15, 2023