Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updating packages #1336

Merged
merged 11 commits into from
May 26, 2021
Merged

updating packages #1336

merged 11 commits into from
May 26, 2021

Conversation

HalcyonJAC
Copy link
Contributor

@HalcyonJAC HalcyonJAC commented May 20, 2021
edited by mbrookeswebdev
Loading

I have resolved some security vulnerabilities by doing the following:

  • upgraded some packages
  • installed some peer dev dependancies manually
  • removed the firebase-tools package as had a vulnerability in it and the package wasn't being used anywhere. Note: If we need it in future add the latest (secure) version.
  • updated sass-loader to v10 (which is the latest version of sass-loader that is compatible with Vue CLI v4). The application now compiles faster :)

I also resolved some minor compilation warnings coming from the linter

Note: The majority of the vulnarabilities left are moderate and caused by an outdated version of postcss but upgrading this would require many other packages to be upgraded too.

PREVIEW:DEVELOP

@HalcyonJAC HalcyonJAC self-assigned this May 20, 2021
@HalcyonJAC HalcyonJAC temporarily deployed to develop May 20, 2021 13:01 Inactive
@github-actions
Copy link

github-actions bot commented May 20, 2021
edited
Loading

Visit the preview URL for this PR (updated for commit 7521827):

https://jac-admin-develop--pr1336-security-1303-npm-au-enfsvcu8.web.app

(expires Sun, 20 Jun 2021 15:21:44 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

@HalcyonJAC HalcyonJAC changed the title updating packages with npm audit fix updating packages May 20, 2021
@HalcyonJAC HalcyonJAC temporarily deployed to develop May 20, 2021 15:52 Inactive
@HalcyonJAC HalcyonJAC marked this pull request as ready for review May 20, 2021 19:51
@HalcyonJAC HalcyonJAC requested review from a team as code owners May 20, 2021 19:51
@HalcyonJAC HalcyonJAC requested review from JeremykJAC and joy-ade May 20, 2021 19:51
@mbrookeswebdev mbrookeswebdev temporarily deployed to develop May 21, 2021 08:38 Inactive
@HalcyonJAC HalcyonJAC temporarily deployed to develop May 21, 2021 09:51 Inactive
@HalcyonJAC HalcyonJAC temporarily deployed to develop May 21, 2021 15:15 Inactive
@HalcyonJAC HalcyonJAC force-pushed the security/1303-npm-audit branch from 09d0213 to 7521827 Compare May 21, 2021 15:15
@HalcyonJAC HalcyonJAC temporarily deployed to develop May 21, 2021 15:17 Inactive
@warrensearle warrensearle removed the request for review from lloback May 24, 2021 09:51
@warrensearle
Copy link
Member

Hey @joy-ade just to confirm the acceptance test for this ticket is to check and see if Admin is still working (using the preview url). No visual changes have been made.

joy-ade
joy-ade approved these changes May 25, 2021
View reviewed changes
Copy link

@joy-ade joy-ade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved by Product Team

@joy-ade
Copy link

joy-ade commented May 25, 2021

@warrensearle I have tested the Admin and its works. PR has been approved.

@warrensearle warrensearle merged commit 918bbba into main May 26, 2021
@warrensearle warrensearle deleted the security/1303-npm-audit branch May 26, 2021 00:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joy-ade joy-ade joy-ade approved these changes

@mbrookeswebdev mbrookeswebdev mbrookeswebdev approved these changes

@warrensearle warrensearle warrensearle approved these changes

@tomlovesgithub tomlovesgithub Awaiting requested review from tomlovesgithub

@JeremykJAC JeremykJAC Awaiting requested review from JeremykJAC

Assignees

@HalcyonJAC HalcyonJAC

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@HalcyonJAC @warrensearle @joy-ade @mbrookeswebdev