Update the lodash JS library #1460

ccostino · 2024-04-19T19:29:15Z

We need to update the lodash JS library (see Dependabot for details).

This might result in opening a much larger can of worms with our JS dependencies, so hopefully we can keep it to just this for now but use it as a basis for updating other libraries in the new future.

Implementation Sketch and Acceptance Criteria

Investigate what it would take to get lodash updated on our side, and just lodash and whatever it requires.
Make the necessary changes
Make sure the site still builds properly (especially static assets)
Make sure the site still functions correctly
Make sure all tests pass

Security Considerations

We need to make sure we're keeping our libraries up-to-date to address security advisories.

The text was updated successfully, but these errors were encountered:

terrazoon · 2024-04-26T17:44:45Z

I think this is a false alarm from dependabot:

The latest version of lodash is 4.17.21 ... we are on it
The latest version of lodash.template is 4.5.0 ... we are on it

I think dependabot is confusing lodash.template with lodash and thinking it should be 4.17.21, but that's not possible.

ccostino added engineering security dependencies Pull requests that update a dependency file labels Apr 19, 2024

terrazoon self-assigned this Apr 26, 2024

ccostino mentioned this issue May 17, 2024

Manage Technical Debt GSA/notifications-api#1004

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update the lodash JS library #1460

Update the lodash JS library #1460

ccostino commented Apr 19, 2024

terrazoon commented Apr 26, 2024

Update the lodash JS library #1460

Update the lodash JS library #1460

Comments

ccostino commented Apr 19, 2024

Implementation Sketch and Acceptance Criteria

Security Considerations

terrazoon commented Apr 26, 2024