This repository has been archived by the owner on May 26, 2023. It is now read-only.

Bump some dependencies for security updates #111

Merged: 5 commits, Jan 24, 2022

@ashley-hebler ashley-hebler commented Jan 24, 2022

What's this PR do?

Bumps the versions of

  • validator
  • jwks-rsa
  • release-it.

Also, various non-breaking updates were patched with a fresh npm audit.

Why are we doing this? How does it help us?

Gets rid of security vulnerabilities

How should this be manually tested?

npm install once you're shelled into the app
npm run build, then npm run start and confirm it builds

How should this change be communicated to end users?

N/A

Are there any smells or added technical debt to note?

No

What are the relevant tickets?

https://3.basecamp.com/3098728/buckets/736178/todos/4484062026

Have you done the following, if applicable:

(optional: add explanation between parentheses)

  • Added automated tests? ( )
  • Tested manually on mobile? ( )
  • Checked BrowserStack? ( )
  • Checked for performance implications? ( )
  • Checked accessibility? ( )
  • Checked for security implications? ( )
  • Updated the documentation/wiki? ( )

TODOs / next steps:

  • your TODO here

dependabot bot and others added 5 commits November 3, 2021 19:34
Bumps [validator](https://github.com/validatorjs/validator.js) from 10.11.0 to 13.7.0.
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@10.11.0...13.7.0)

---
updated-dependencies:
- dependency-name: validator
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

This library contained a nested dependency, follow-redirects,
with a high severity security vulnerability. It appears that version 2.0.0
of jwks-rsa dropped the reliance on that dependency and the
breaking changes noted do not seem to impact our implementation of it.

This library contained a security vulnerability with shelljs and
the latest version should get rid of that.

@ashley-hebler ashley-hebler merged commit c17e3ea into master Jan 24, 2022