Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update dependencies to fix vulnerabilities and improve compatib… #13712

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

q1akm
Copy link

@q1akm q1akm commented Dec 1, 2024

Pull Request: Dependency Updates and Security Improvements

This PR updates the dependencies of the create-react-app project to address security vulnerabilities and improve compatibility with modern tooling. Below is a summary of the changes made:

Key Updates:
@testing-library/jest-dom: Updated to version 6.0.0.
@testing-library/react: Updated to version 14.0.0.
@testing-library/user-event: Updated to version 14.4.3.
eslint: Updated to version 8.57.0.
prettier: Updated to version 3.0.3.
jest: Updated to version 29.6.1.
puppeteer: Updated to version 21.0.2.
Additional dependency updates: lerna, husky, fs-extra, globby, and more.
Vulnerabilities Addressed:
This update resolves vulnerabilities as identified by tools like npm audit. Key vulnerabilities fixed include:

GHSA-gcx4-mw62-g8wm (Rollup)
GHSA-h9rv-jmmf-4pgx (Serialize-Javascript)
GHSA-wf5p-g6vw-rhxx (Axios)
GHSA-pfrx-2q88-qq97 (Got)
GHSA-35jh-r3h4-6jhm (Lodash)
Benefits:
Improved Security: Resolves vulnerabilities to ensure a safer dependency ecosystem.
Modern Compatibility: Aligns the project with the latest versions of dependencies for better support and features.
Enhanced Developer Experience: Streamlined scripts and tools using updated versions.
Testing:
The changes have been tested in the monorepo structure to ensure no disruptions in builds, tests, and scripts. The postinstall, build, and start scripts have been validated in the workspace environment.

…ility

Updated key dependencies, including @testing-library/*, eslint, prettier, jest, and puppeteer, to their latest versions.

Resolved security vulnerabilities:
Rollup (GHSA-gcx4-mw62-g8wm)
Serialize-Javascript (GHSA-h9rv-jmmf-4pgx)
Axios (GHSA-wf5p-g6vw-rhxx)
Got (GHSA-pfrx-2q88-qq97)
Lodash (GHSA-35jh-r3h4-6jhm)

Ensured compatibility with monorepo structure and modern Node.js/NPM environments.

Validated core scripts (build, start, and test) with updated dependencies.
@JoeBrar
Copy link

JoeBrar commented Dec 10, 2024

@testing-library/react should be updated to v16.1.0, which is the latest version and supports React 19. Otherwise create-react-app will fail and give dependency error for React 19.

This PR updates the dependency @testing-library/react to version 16.1.0 in the devDependencies section of the project.
@q1akm
Copy link
Author

q1akm commented Dec 11, 2024

Thank you for pointing this out! I’ve updated @testing-library/react to version 16.1.0 in this PR to ensure compatibility with React 19. This should address the dependency error with create-react-app when using React 19. Please let me know if there are any additional concerns or changes needed!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants