fix(deps): bump deps to avoid subdependency problems #419
Going to need to fix some vitest issues... 😔
…l-frontend into 418-bump-deps-for-security-audit
So this vitest error... I did find some problems with how tests run locally, which I spun off into its own PR over here. Ready for re-review @shindigira!
All clear!
After a little shuffling, I removed the
Sorry about the commit-to-the-wrong-branch!
Audit still clear. 👍🏾
No worries! Thanks for the quick re-review @meissadia!
We have two moderate security issues with current subdependencies that would be good to fix before the cybersecurity audits. I found the deps that had the subdependencies that were causing the issues and upped their versions to the minimum version that didn't have the security issues: a little nicer than just using resolutions to override the subdependencies.
Changes
"axios": "^1.6.7" => "axios": "^1.6.8"
"start-server-and-test": "2.0.0" => "start-server-and-test": "^2.0.3"
"vitest": "0.31.0" => "vitest": "^0.34.6"
"vite": "^4.4.9" => "vite": "^4.5.3"
"@vitejs/plugin-react": "4.0.0" => "@vitejs/plugin-react": "4.2.1"
How to test this PR
yarn install
yarn npm audit
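A regression guard for the floors this PR sets, as an added example that is not code from the PR or the project: it flags any package.json range that admits a version below the "after" versions listed under Changes, and any resolutions override. The function names, the FLOORS table layout and the BEFORE manifest are assumptions made for illustration.

```javascript
// Added example: FLOORS holds the "after" versions from the Changes list;
// function names and the BEFORE manifest are constructed for illustration.
const FLOORS = {
  "axios": "1.6.8",
  "start-server-and-test": "2.0.3",
  "vitest": "0.34.6",
  "vite": "4.5.3",
  "@vitejs/plugin-react": "4.2.1",
};

// Lowest version a range can resolve to. Handles the forms used on this
// page (exact "1.2.3", caret "^1.2.3") plus "~" and ">="; others return null.
function lowestAllowed(range) {
  const m = /^(?:\^|~|>=)?\s*(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns one finding per dependency whose range admits a version below its
// floor, plus one per `resolutions` entry (overrides deserve a manual look).
function checkManifest(pkg, floors = FLOORS) {
  const findings = [];
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, floor] of Object.entries(floors)) {
    if (!(name in deps)) continue;
    const low = lowestAllowed(deps[name]);
    if (low === null) findings.push(`${name}: cannot parse range "${deps[name]}"`);
    else if (compare(low, floor.split(".").map(Number)) < 0)
      findings.push(`${name}: "${deps[name]}" allows versions below ${floor}`);
  }
  for (const name of Object.keys(pkg.resolutions || {}))
    findings.push(`resolutions override present for ${name}`);
  return findings;
}

// Constructed sample: the "before" ranges from the Changes list. Which of
// these are dependencies vs devDependencies is an assumption.
const BEFORE = {
  dependencies: { "axios": "^1.6.7" },
  devDependencies: {
    "start-server-and-test": "2.0.0", "vitest": "0.31.0",
    "vite": "^4.4.9", "@vitejs/plugin-react": "4.0.0",
  },
};
console.log(checkManifest(BEFORE).join("\n"));
```

The manifest range is only a lower bound on what can be installed; `yarn npm audit` against the resolved lockfile remains the check that the advisories are actually gone.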