build(deps): overall minor upgrade of npm dependencies - 2023-08-18 #2627

Closed
petermetz opened this issue Aug 18, 2023 · 0 comments · Fixed by #2629
Labels
dependencies Pull requests that update a dependency file good-first-issue Good for newcomers good-first-issue-400-expert P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities

Comments

@petermetz
Contributor

Description

We have almost a hundred CVEs due to outdated dependencies.
Perform a global upgrade of everything with minor semver upgrades.

Acceptance Criteria

  1. Upgrades are sem-ver MINOR upgrades, not MAJOR, to avoid too much trouble for now (we'll get to major upgrades once the high and critical CVEs are still hanging around)
  2. Do not diverge versions across packages that were previously matching (e.g. if you upgrade a dependency in one package, make sure to upgrade it in all the other ones as well and to the SAME version)
  3. Don't break the build, tests.
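
One way to check acceptance criteria 1 and 2 before merging, as an added example that is not part of the original issue or the project's own tooling: it compares the declared dependency ranges of each package before and after an upgrade and reports major-version bumps and versions that diverged across packages. The package names and versions are constructed sample data, and `checkUpgrade`, `parseRange` and `get` are hypothetical names.

```javascript
// Constructed sample: "dependencies" maps of two workspace packages, before and after an upgrade.
const before = {
  "pkg-a": { express: "^4.17.1", axios: "^0.21.4", uuid: "^8.3.2" },
  "pkg-b": { express: "^4.17.1", axios: "^0.21.4" },
};
const after = {
  "pkg-a": { express: "^4.18.2", axios: "^1.4.0", uuid: "^8.3.2" },
  "pkg-b": { express: "^4.17.3", axios: "^1.4.0" },
};

// "^1.2.3", "~1.2.3" or "1.2.3" -> [1, 2, 3]; null for git URLs, tags, "*", etc.
function parseRange(range) {
  const m = /^[~^]?(\d+)\.(\d+)\.(\d+)/.exec(String(range));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Own-property lookup so dependency names like "constructor" are not resolved on the prototype.
const get = (obj, key) =>
  obj && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

function checkUpgrade(before, after) {
  const findings = [];
  const usage = new Map(); // dependency -> Map(range -> [packages using it after the upgrade])
  for (const [pkg, deps] of Object.entries(after)) {
    for (const [dep, to] of Object.entries(deps)) {
      if (!usage.has(dep)) usage.set(dep, new Map());
      const byRange = usage.get(dep);
      byRange.set(to, [...(byRange.get(to) || []), pkg]);
      const from = get(get(before, pkg), dep);
      const o = from ? parseRange(from) : null;
      const n = parseRange(to);
      if (!o || !n) continue; // newly added or non-numeric range: not judged here
      // Criterion 1: stay within the same major version.
      if (n[0] !== o[0]) findings.push({ rule: "major-bump", pkg, dep, from, to });
    }
  }
  for (const [dep, byRange] of usage) {
    // Criterion 2 applies only to dependencies whose versions matched before the upgrade.
    const old = new Set(Object.values(before).map((d) => get(d, dep)).filter(Boolean));
    if (old.size === 1 && byRange.size > 1) {
      findings.push({ rule: "diverged", dep, versions: Object.fromEntries(byRange) });
    }
  }
  return findings;
}

console.log(JSON.stringify(checkUpgrade(before, after), null, 2));
```

The check reads declared ranges only; versions resolved in a lockfile are outside its scope.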
@petermetz petermetz added good-first-issue Good for newcomers dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities good-first-issue-400-expert P1 Priority 1: Highest labels Aug 18, 2023
@petermetz petermetz added this to the v2.0.0-alpha.2 milestone Aug 18, 2023
@petermetz petermetz self-assigned this Aug 18, 2023
petermetz added a commit to petermetz/cacti that referenced this issue Aug 20, 2023
Fixes hyperledger-cacti#2627

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Aug 21, 2023
Fixes #2627

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
Fixes hyperledger-cacti#2627

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>