Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DEV-18965] handle streambot dependabot alerts #76

Merged
merged 4 commits into from
Aug 2, 2023
Merged

[DEV-18965] handle streambot dependabot alerts #76

merged 4 commits into from
Aug 2, 2023

Conversation

josefie
Copy link
Contributor

@josefie josefie commented Aug 1, 2023
edited
Loading

  • I removed firebase-tools from npm dependencies, because it is already installed via asdf. It is used in the Makefile to run firebase deploy. I don't see a reason why this should not work without the npm package installed. However we have to test this! Unfortunately we do not have any testing possibility without actually running the deploy. 🤷‍♀️ Note: The reason for removing it is that this package caused a lot of high-severity security alerts. We could also have upgraded it to at least v9, but if it is really not necessary, I would rather remove it altogether.
  • I also updated all packages to the latest version in their specified version range ("Wanted"):
Package                          Current  Wanted   Latest   Package Type    URL                                                                               
@craco/craco                     7.0.0    7.1.0    7.1.0    devDependencies https://craco.js.org                                                              
@types/jest                      29.2.4   29.5.3   29.5.3   devDependencies https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest         
@types/lodash                    4.14.191 4.14.196 4.14.196 devDependencies https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash       
@types/react                     18.0.26  18.2.18  18.2.18  devDependencies https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react        
@types/react-dom                 18.0.9   18.2.7   18.2.7   devDependencies https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react-dom    
@types/sanitize-html             2.6.2    2.9.0    2.9.0    devDependencies https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sanitize-html
@typescript-eslint/eslint-plugin 5.46.1   5.62.0   6.2.1    devDependencies https://github.com/typescript-eslint/typescript-eslint#readme                     
@typescript-eslint/parser        5.46.1   5.62.0   6.2.1    devDependencies https://github.com/typescript-eslint/typescript-eslint#readme                     
eslint-config-prettier           8.5.0    8.9.0    8.9.0    devDependencies https://github.com/prettier/eslint-config-prettier#readme                         
eslint-plugin-prettier           4.2.1    4.2.1    5.0.0    devDependencies https://github.com/prettier/eslint-plugin-prettier#readme                         
firebase-tools                   8.20.0   8.20.0   12.4.6   dependencies    https://github.com/firebase/firebase-tools                                        
prettier                         2.8.1    2.8.1    3.0.0    devDependencies https://prettier.io                                                               
react                            17.0.2   17.0.2   18.2.0   dependencies    https://reactjs.org/                                                              
react-dom                        17.0.2   17.0.2   18.2.0   dependencies    https://reactjs.org/                                                              
react-router-dom                 5.2.0    5.3.4    6.14.2   dependencies    https://github.com/remix-run/react-router#readme                                  
react-use                        15.3.4   15.3.8   17.4.0   dependencies    https://github.com/streamich/react-use#readme                                     
sanitize-html                    2.3.2    2.11.0   2.11.0   dependencies    https://github.com/apostrophecms/sanitize-html#readme                             
styled-components                5.3.0    5.3.11   6.0.5    dependencies    https://styled-components.com                                                     
timeago-react                    3.0.5    3.0.6    3.0.6    dependencies    https://github.com/hustcc/timeago-react                                           
typescript                       4.9.4    4.9.5    5.1.6    devDependencies https://www.typescriptlang.org/

@josefie josefie changed the title [DEV-8965] handle streambot dependabot alerts [DEV-18965] handle streambot dependabot alerts Aug 1, 2023
@josefie josefie marked this pull request as ready for review August 1, 2023 14:54
flori
flori approved these changes Aug 2, 2023
View reviewed changes
Copy link
Member

@flori flori left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@josefie josefie merged commit e99a301 into master Aug 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katrinundfritz katrinundfritz katrinundfritz approved these changes

@flori flori flori approved these changes

@iz-podpolja iz-podpolja Awaiting requested review from iz-podpolja

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@josefie @flori @katrinundfritz