dependabot - upgradefast-xml-parser, aws-amplify, react-scripts, over…

…ride react-redux to non-vulnerable version (#521) ### Feature or Bugfix - Bugfix ### Detail - Upgraded `fast-xml-parser` - In the process I also found that other dependency libraries included vulnerabilities. In particular `react-redux` and `nth-check`, the parent packages `aws-amplify`, `react-scripts` and `appbaseio/reactivesearch` have been updated. For this last one, the latest version still uses a vulnerable version of `react-redux` so I added a ovverride clause in the package.json ### Relates - Related to https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.2.4 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
data-dot-all · Jun 16, 2023 · 9efb234 · 9efb234
1 parent 6880237
commit 9efb234
Show file tree

Hide file tree

Showing 4 changed files with 11,819 additions and 9,868 deletions.
diff --git a/frontend/package.json b/frontend/package.json
@@ -13,11 +13,12 @@
   },
   "dependencies": {
     "@apollo/client": "^3.3.19",
-    "@appbaseio/reactivesearch": "^3.29.1",
+    "@appbaseio/reactivesearch": "^3.43.10",
     "@emotion/react": "^11.8.2",
     "@emotion/styled": "^11.8.1",
     "@monaco-editor/react": "^4.3.1",
     "@mui/icons-material": "^5.5.1",
+    "@mui/x-date-pickers": "^5.0.0",
     "@mui/lab": "^5.0.0-alpha.74",
     "@mui/material": "^5.5.2",
     "@mui/styles": "^5.5.1",
@@ -29,7 +30,7 @@
     "amazon-quicksight-embedding-sdk": "^1.18.1",
     "apexcharts": "^3.33.2",
     "apollo-boost": "^0.4.9",
-    "aws-amplify": "^4.3.17",
+    "aws-amplify": "^5.2.6",
     "axios": "^0.26.1",
     "classnames": "^2.3.1",
     "date-fns": "^2.28.0",
@@ -53,12 +54,17 @@
     "react-redux": "^7.2.6",
     "react-router": "6.0.0",
     "react-router-dom": "6.0.0",
-    "react-scripts": "^5.0.0",
+    "react-scripts": "^5.0.1",
     "simplebar": "^5.3.6",
     "simplebar-react": "^2.3.6",
     "web-vitals": "^2.1.4",
     "yup": "^0.32.11"
   },
+  "overrides" : {
+    "@appbaseio/reactivesearch": {
+      "react-redux": "^7.2.6"
+    }
+  },
   "resolutions": {
     "nth-check": "^2.0.1"
   },

diff --git a/frontend/src/contexts/AmplifyContext.js b/frontend/src/contexts/AmplifyContext.js
@@ -1,6 +1,6 @@
 import { createContext, useEffect, useReducer } from 'react';
 import PropTypes from 'prop-types';
-import Amplify, { Auth } from 'aws-amplify';
+import { Amplify, Auth } from 'aws-amplify';
 import { SET_ERROR } from '../store/errorReducer';
 
 Amplify.configure({

diff --git a/frontend/src/index.js b/frontend/src/index.js
@@ -4,8 +4,8 @@ import ReactDOM from 'react-dom';
 import { HelmetProvider } from 'react-helmet-async';
 import { BrowserRouter } from 'react-router-dom';
 import { Provider as ReduxProvider } from 'react-redux';
-import LocalizationProvider from '@mui/lab/LocalizationProvider';
-import AdapterDateFns from '@mui/lab/AdapterDateFns';
+import { AdapterDateFns } from "@mui/x-date-pickers/AdapterDateFns";
+import { LocalizationProvider } from "@mui/x-date-pickers/LocalizationProvider";
 import StyledEngineProvider from '@mui/material/StyledEngineProvider';
 import App from './App';
 import { AuthProvider } from './contexts/AmplifyContext';