[WT-536] Removed package vulnerabilities #617

Merged
merged 9 commits into from Mar 12, 2024

Collaborator

@henrykaus henrykaus commented Feb 27, 2024

Description

Updated and removed vulnerable (unused) packages from client and server package.json.
Removed the following unused package from server/:

  • axios: was unused

Removed the following unused packages from client/:

  • @emotion/react
  • @emotion/styled
  • @mui/lab
  • axios: is now unused
  • daisyui
  • deep-diff
  • react-tailwind-table

Moved react-scripts to dev dependencies.

Updated client packages:

  • @types/node from 16.11.41 to 20.5.8.
  • @mui/x-data-grid from 5.0.0-beta.5 to 5.4.1

IMPORTANT: What I learned was that the bulk of the vulnerabilities are coming from react-scripts. However, this is only a dev dependency, and so these vulnerabilities can be ignored (see this thread). To run an appropriate package audit, just do npm audit --omit=dev.

Risks

Small chance that one of these packages was being used, but this is unlikely.

Validation

Checked docker container consoles and played around in WonderTix with no found errors (particularly looked at the X-Data-Grid components).

Issue

#536

Operating System

macOS M2

@henrykaus henrykaus linked an issue Feb 27, 2024 that may be closed by this pull request
@henrykaus henrykaus marked this pull request as ready for review March 2, 2024 22:04
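
The triage described in the PR above (drop packages nothing imports, move build-only tooling to dev dependencies, and leave only what `npm audit --omit=dev` still covers), as an added example that is not part of the pull request or the WonderTix code base. The package.json and source snippets are constructed, and the script assumes a CLI package's binary shares the package's name.

```javascript
// Constructed sample inputs, not WonderTix's real package.json or source files.
const samplePkg = {
  scripts: { start: "react-scripts start", build: "react-scripts build" },
  dependencies: { "@mui/x-data-grid": "5.4.1", axios: "^1.6.0", "deep-diff": "^1.0.2",
                  react: "^18.2.0", "react-scripts": "5.0.1" },
};
const sampleSources = {
  "src/App.tsx": 'import React from "react";\nimport { DataGrid } from "@mui/x-data-grid";\n',
  "src/api.ts": '// import axios from "axios";\n/* require("deep-diff"); */\nexport const base = "/api";\n',
};

// "@scope/name/sub" -> "@scope/name"; "name/sub" -> "name"; relative or node: -> null.
function packageOf(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Package names that the source texts import, re-export, or require.
function importedPackages(sources) {
  const found = new Set();
  const re = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"]+)\1/g;
  for (const text of Object.values(sources)) {
    // Strip comments first so a commented-out import does not count as usage.
    const code = text.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
    for (const m of code.matchAll(re)) {
      const name = packageOf(m[2]);
      if (name) found.add(name);
    }
  }
  return found;
}

// Sort each entry of "dependencies" (the set that `npm audit --omit=dev` still covers).
function classifyDependencies(pkg, sources) {
  const imported = importedPackages(sources);
  // Assumption: a CLI package's binary is named after the package (as with react-scripts).
  const scriptWords = new Set(Object.values(pkg.scripts || {}).join(" ").split(/\s+/));
  const report = { keep: [], moveToDev: [], unused: [] };
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (imported.has(name)) report.keep.push(name);
    else if (scriptWords.has(name)) report.moveToDev.push(name);
    else report.unused.push(name);
  }
  return report;
}

console.log(classifyDependencies(samplePkg, sampleSources));
```

Entries reported under `unused` are candidates only: packages loaded through config files, CSS, or plugins are not visible to an import scan and need a manual check before removal.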
Member

@ben16williams ben16williams left a comment


Looks good, thanks for trudging through the dependencies mess

@henrykaus henrykaus merged commit dbdac02 into main Mar 12, 2024
2 checks passed
@henrykaus henrykaus deleted the WT-536 branch March 12, 2024 19:16
Successfully merging this pull request may close these issues.

Upgrade/fix vulnerable npm packages