Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update additional dependencies #1020

Merged
merged 4 commits into from
Oct 30, 2023
Merged

Update additional dependencies #1020

merged 4 commits into from
Oct 30, 2023

Conversation

enykeev
Copy link
Member

@enykeev enykeev commented Oct 28, 2023
edited
Loading

  • moment is reported by Snyk as vulnerable and an be safely updated to the next minor version
  • lodash.template is reported by Snyk as vulnerable. It's also not being used anywhere in code and can be safely deleted.
  • react-textarea-autosize seem to be breaking CI by attempting to evaluate global variable that is not available in all environments. It can not be updated to the latest version, but it could safely updated to previous major version.
  • postcss is updated to v8, but given how testing is implemented, it might need careful manual inspection to ensure no degradation happened
  • express was removed. We don't use it anywhere directly.

I've also attempted to update axios as it's also reported as being vulnerable by Snyk, but the package transitioned to using ESM and is incompatible with our current build system.

@arm4b arm4b added this to the 3.8.1 milestone Oct 28, 2023
arm4b
arm4b reviewed Oct 28, 2023
View reviewed changes
Copy link
Member

@arm4b arm4b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Please also mention it in the Changelog

@enykeev enykeev marked this pull request as ready for review October 29, 2023 20:14
@arm4b arm4b requested a review from a team October 30, 2023 11:59
@arm4b arm4b enabled auto-merge October 30, 2023 12:00
@arm4b arm4b mentioned this pull request Oct 30, 2023
Closed
13 tasks
@arm4b arm4b merged commit baa16d8 into StackStorm:master Oct 30, 2023
@arm4b arm4b mentioned this pull request Nov 10, 2023
Closed
13 tasks
@arm4b arm4b mentioned this pull request Dec 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cognifloyd cognifloyd cognifloyd approved these changes

@arm4b arm4b arm4b approved these changes

Assignees
No one assigned
Labels
enhancement security
Projects
None yet
Milestone
3.8.1
Development

Successfully merging this pull request may close these issues.
3 participants
@enykeev @arm4b @cognifloyd