Update basic packages and testing packages #20

Open
unprofessional wants to merge 4 commits into base: develop

unprofessional commented Nov 10, 2019

Y'all know what this is about. No JIRA ticket for this.

Bunch of various things needed fixing beyond the package updates, so I've included them here just because:

  • Updated istanbul to nyc since the former is deprecated (with a security vulnerability warning in a child package)
  • Updated mocha so had to include a useUnifiedTopology flag in the default connection
  • Updated package.json with contributors (incomplete -- feel free to add the others who I couldn't find emails for)
  • Check if test file exists and delete if so (previously we weren't, which was causing failing tests on subsequent test runs)
  • Made yarn test:coverage and yarn test:check-coverage work (previously they failed to call yarn pretest properly)

SECURITY VULNERABILITIES RESOLVED:
For the record, you can check what child packages belong to parent packages by doing npm ls ${childPackage}

  • Updated mongoose
  • Removed the explicit debug since we weren't using it (nor was nyc using it)
  • Switching to current nyc has an updated handlebars thereby satisfying the version requirement
  • Updated eslint
  • Updating mocha satisfies version requirement for diff
  • Updating eslint-watch satisfies version requirement for braces
  • Updating commitizen, mocha, coveralls, and adding nyc satisfied version requirements for js-yaml
  • Updating coveralls satisfies version requirement for tunnel-agent
  • fstream removed (was a child of one of the packages I removed)
  • Vulnerable child version of tar removed (was a child of one of the packages I removed) -- current child from bcrypt is well above the minimum required version (min req: 2.2.2, current remaining: 4.4.10)
  • Updating express-validation satisfied child version of lodash
    • TODO: Must update express-winston, but moving from v2 to v4 requires a Winston migration
    • WARNING: Current commitizen version has child version of lodash at 4.17.14 which puts it under the required version 4.17.15 -- look into using an alternative (which is another migration)
  • WARNING: Current supertest version has child version of extend at 3.0.0 which puts it under the required version 3.0.2 -- consider only using supertest-as-promised instead or simply request
  • Updating commitizen satisfies minimum required version for merge

Extraneous (not sure what to do about these...):

  • stringstream
  • is-my-json-valid

unprofessional added the bug, enhancement and dependencies labels Nov 10, 2019
unprofessional self-assigned this Nov 10, 2019
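
The `npm ls ${childPackage}` check from the description, automated as an added example (not part of the pull request): it walks a tree shaped like `npm ls --json` output and flags every installed copy of a child package that sits below its minimum version. The function names, the `example-app` root, the parent versions and express-validation's lodash version are assumptions; the minimums and the tar, commitizen lodash and extend versions are the ones quoted above.

```javascript
// Constructed sample shaped like `npm ls --json` output. Parent versions and
// express-validation's lodash version are placeholders, not taken from the PR.
const tree = {
  name: 'example-app',
  version: '0.0.0',
  dependencies: {
    bcrypt: { version: '0.0.0', dependencies: { tar: { version: '4.4.10' } } },
    commitizen: { version: '0.0.0', dependencies: { lodash: { version: '4.17.14' } } },
    'express-validation': { version: '0.0.0', dependencies: { lodash: { version: '4.17.15' } } },
    supertest: { version: '0.0.0', dependencies: { extend: { version: '3.0.0' } } },
  },
};
// Minimum required versions as quoted in the PR description.
const minimums = { tar: '2.2.2', lodash: '4.17.15', extend: '3.0.2' };

// Compare plain x.y.z versions numerically (assumption: no pre-release tags).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and report every installed copy of a package that has a
// minimum, together with the parent chain that pulls it in.
function audit(node, mins, path = [node.name]) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...path, name];
    if (Object.prototype.hasOwnProperty.call(mins, name) && dep.version) {
      findings.push({
        path: chain.join(' > '),
        version: dep.version,
        required: mins[name],
        ok: compareVersions(dep.version, mins[name]) >= 0,
      });
    }
    findings.push(...audit(dep, mins, chain)); // transitive children
  }
  return findings;
}

// Dependency paths whose installed version is below the minimum.
const failing = (node, mins) => audit(node, mins).filter((f) => !f.ok).map((f) => f.path);

console.log(audit(tree, minimums));
```

On a real project, replace `tree` with the parsed output of `npm ls --json`; the same package can pass under one parent and fail under another, which is why each path is reported separately.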
Perry5 (Contributor) commented Nov 11, 2019

Hmm, I don't remember this PR. Haven't done work on telescoper in a while.

unprofessional (Author)

@Perry5 I just did it over the weekend for fun (and also because it needed it).
