update deps #2075

Merged
merged 1 commit into from
Jun 22, 2022

@chohmann chohmann commented Jun 22, 2022

Addresses #2010

Summary

Bump dependencies to fix critical + high security vulnerabilities.

There was only one high security vulnerability that we can't fix completely, and that's the ansi-regex one. I was able to at least get off of the really only version that caused this one. But some of our deps that use 5.0.0 are on their latest version, so they haven't updated to not use the 5.0.0 version of ansi-regex yet.

Checklist

  • The basics
    • I tested these changes manually in my local or dev environment
  • Tests
    • Added or updated
    • N/A
  • Event Tracking
    • I added event tracking and followed the event tracking guidelines
    • N/A
  • Error Reporting
    • I reported errors and followed the error reporting guidelines
    • N/A
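
An added example, not part of this PR or of Prism's code: one way to list which installed packages still resolve to the ansi-regex 5.0.0 copy mentioned in the description. It assumes an npm package-lock v2/v3 `packages` map; the lockfile contents, the `tool-a`/`tool-b` names, and the function names are constructed for illustration.

```javascript
// Constructed sample in the npm package-lock v2/v3 "packages" layout
// (assumption: not Prism's real lockfile; tool-a/tool-b are hypothetical).
const sampleLock = {
  packages: {
    "": { dependencies: { "tool-a": "^2.0.0", "tool-b": "^1.0.0" } },
    "node_modules/tool-a": { version: "2.1.0", dependencies: { "ansi-regex": "^5.0.1" } },
    "node_modules/tool-b": { version: "1.4.0", dependencies: { "ansi-regex": "5.0.0" } },
    "node_modules/ansi-regex": { version: "5.0.1" },
    "node_modules/tool-b/node_modules/ansi-regex": { version: "5.0.0" },
  },
};

// Resolve `name` the way Node does: nearest node_modules first, then each ancestor.
function resolveCopy(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding a copy
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// List every package whose dependency on `name` resolves to a flagged version.
function findPinnedDependents(lock, name, flaggedVersions) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const range = (meta.dependencies || {})[name];
    if (range === undefined) continue; // this package does not depend on `name`
    const copy = resolveCopy(lock.packages, path, name);
    const version = copy ? lock.packages[copy].version : null;
    if (flaggedVersions.includes(version)) {
      hits.push({ dependent: path || "(root)", range, resolvedAt: copy, version });
    }
  }
  return hits;
}

console.log(findPinnedDependents(sampleLock, "ansi-regex", ["5.0.0"]));
```

Each hit names the dependent whose declared range keeps the flagged copy installed, which is the package to watch for an upstream release.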

@chohmann chohmann requested a review from a team as a code owner June 22, 2022 18:55
@chohmann chohmann requested review from daniel-white and removed request for a team June 22, 2022 18:55
@@ -54,11 +54,11 @@
"http-string-parser": "^0.0.6",
"husky": "^4.3.8",
"jest": "^27.2.5",
"lerna": "^4.0.0",
"lerna": "5.1.4",
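Review bot: The new `"lerna": "5.1.4"` entry drops the caret that the `"^4.0.0"` line and the neighbouring entries (`"^4.3.8"`, `"^27.2.5"`) use, so this one dependency becomes an exact pin while also crossing a major version. If the pin is deliberate, say so in the PR description; otherwise use `"^5.1.4"` to match the rest of the block. Either way, the 4.x to 5.x jump deserves a check of lerna's release notes for breaking changes before the next release is cut.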
Contributor Author

this was the only change that scared me a little since it's a big jump. But I think we only use lerna for releasing, so not sure how to test this prior to trying to release a new version of Prism 😬

Member

Contributor Author

nice! Hadn't gotten around to looking at the docs for this just yet. That's promising!

@chohmann chohmann merged commit cd735b0 into master Jun 22, 2022
@chohmann chohmann deleted the fix/2010-bump-prism-deps branch June 22, 2022 19:16
@chohmann chohmann mentioned this pull request Jun 22, 2022