Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update dependencies #96

Merged
merged 4 commits into from
Jul 9, 2021
Merged

update dependencies #96

merged 4 commits into from
Jul 9, 2021

Conversation

jeffpaul
Copy link
Contributor

@jeffpaul jeffpaul commented Jul 8, 2021

Description of the Change

This PR is an artifact from running npm update, we'll want to test this branch to make sure basic plugin functions still seem stable before merging in.

Alternate Designs

n/a

Benefits

Ensures our dependencies are current, hopefully resolving all the newly opened Whitesource issues.

Possible Drawbacks

Not 100% certain whats included in these dependency updates, so we'll want to test the plugin closely.

Verification Process

Create a test plugin build from this branch, test that data is sent to / received from Sophi

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests passed.

Applicable Issues

Changelog Entry

Update NPM dependencies (there's so many, do we bother to list them all?)

@jeffpaul jeffpaul added this to the 1.0.4 milestone Jul 8, 2021
@jeffpaul jeffpaul requested review from dinhtungdu and Rahmon July 8, 2021 17:36
@jeffpaul jeffpaul self-assigned this Jul 8, 2021
@jeffpaul
Copy link
Contributor Author

jeffpaul commented Jul 8, 2021

Looks like #89 will still be an open issue with this PR, but given how deep we'd need to go in getting dependencies to update their version and that the CVSS 3 score is 5.3 we're probably ok for now and can try to ping some of those dependency libraries to update their versions?

dinhtungdu
dinhtungdu previously approved these changes Jul 9, 2021
View reviewed changes
Copy link
Contributor

@dinhtungdu dinhtungdu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As @10up/scripts is replaced by 10up-toolkit, we should use the new package instead of updating the older one.

@jeffpaul jeffpaul merged commit 6dc9c03 into develop Jul 9, 2021
@jeffpaul jeffpaul deleted the update/deps branch July 9, 2021 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dinhtungdu dinhtungdu dinhtungdu left review comments

@Rahmon Rahmon Awaiting requested review from Rahmon

Assignees

@jeffpaul jeffpaul

Labels
None yet
Projects
None yet
Milestone
1.0.4
Development

Successfully merging this pull request may close these issues.
2 participants
@jeffpaul @dinhtungdu