fix vulnerable deps in FDC3 workbench #816

Merged
merged 5 commits into from
Sep 16, 2022

kriswest
Contributor

resolves #812

Overrides vulnerable dependencies to ensure a clean npm audit

@kriswest kriswest requested a review from robmoffat September 14, 2022 20:50
@netlify

netlify bot commented Sep 14, 2022

Deploy Preview for lambent-kulfi-cf51a7 ready!

Name Link
🔨 Latest commit 11b3124
🔍 Latest deploy log https://app.netlify.com/sites/lambent-kulfi-cf51a7/deploys/6323418359ccc50008542a64
😎 Deploy Preview https://deploy-preview-816--lambent-kulfi-cf51a7.netlify.app/toolbox/fdc3-workbench

@kriswest
Contributor Author

Hold on this, there's still an issue, as the GitHub action for website build is using old Node versions and the website scripts use yarn, one or both of which are causing the deps to be resolved differently, which is breaking the website build. I'll have a look at those tomorrow and try again.

@kriswest kriswest removed the request for review from robmoffat September 14, 2022 22:00
@kriswest kriswest requested review from robmoffat and a team September 15, 2022 15:28
@kriswest
Contributor Author

kriswest commented Sep 15, 2022

@robmoffat It's working now - the website workflows should be based on npm now and FDC3 workbench comes back clean from an audit, build and fdc3-workbench app are both working. Hence, please check the output @robmoffat and let me know to merge.

There are still vulnerabilities in the website and main project being reported, but this is a good first step. I'll look at the main project next. For the website... we might just have to go to docusaurus v2, which is on the todo list anyway.

@kriswest
Contributor Author

kriswest commented Sep 15, 2022

P.S. #808 will need rebasing onto main or this branch and will probably need the lock files removed as they will definitely conflict with the ones in this PR - and again after other fixes for other deps issues go in for the main project.

@robmoffat
Member

I'm not sure how to test this without us first merging #808
If we do that, we should be able to see the results of the scan in this PR.

@kriswest
Contributor Author

kriswest commented Sep 16, 2022 via email

Member

@robmoffat robmoffat left a comment

looks good

@kriswest kriswest merged commit afc85df into finos:master Sep 16, 2022
Successfully merging this pull request may close these issues.

Resolve vulnerable dependencies in FDC3 workbench
2 participants