Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependabot - upgradefast-xml-parser, aws-amplify, react-scripts, override react-redux to non-vulnerable version #521

Merged
merged 7 commits into from
Jun 16, 2023
Merged

dependabot - upgradefast-xml-parser, aws-amplify, react-scripts, override react-redux to non-vulnerable version #521

merged 7 commits into from
Jun 16, 2023

Conversation

dlpzx
Copy link
Contributor

@dlpzx dlpzx commented Jun 15, 2023
edited
Loading

Feature or Bugfix

  • Bugfix

Detail

  • Upgraded fast-xml-parser
  • In the process I also found that other dependency libraries included vulnerabilities. In particular react-redux and nth-check, the parent packages aws-amplify, react-scripts and appbaseio/reactivesearch have been updated. For this last one, the latest version still uses a vulnerable version of react-redux so I added a ovverride clause in the package.json

Relates

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@dlpzx dlpzx changed the title Hotfix/dependabot dependabot - upgradefast-xml-parser, aws-amplify, react-scripts, override react-redux to non-vulnerable version Jun 15, 2023
nikpodsh
nikpodsh reviewed Jun 15, 2023
View reviewed changes
frontend/package.json Outdated Show resolved Hide resolved
@dlpzx
Copy link
Contributor Author

dlpzx commented Jun 15, 2023

I am testing the new libraries in a previous deployment to ensure there are no issues. I won't merge until validation is complete

@dlpzx dlpzx requested a review from nikpodsh June 15, 2023 14:30
@dlpzx dlpzx requested a review from nikpodsh June 16, 2023 07:59
@dlpzx
Copy link
Contributor Author

dlpzx commented Jun 16, 2023

Hi @nikpodsh I just finished testing! I had to change some imports because of the upgrade to aws-amplify v5. This issues did not appear in the local development because the imports happen in the index.js file!

@dlpzx dlpzx merged commit 9efb234 into main Jun 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikpodsh nikpodsh Awaiting requested review from nikpodsh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dlpzx @nikpodsh