Upgrade dependencies #149

Merged: nguyenkims merged 4 commits into master from chore/upgrade-dependencies on Jun 3, 2022
cquintana92 (Collaborator) commented May 27, 2022

This PR performs the following changes:

  1. Upgrades some dependencies to the latest version.
  2. Adapts the webpack.config.js to the upgrades (mostly the CopyWebpackPlugin).
  3. Upgrades the .jshintrc esversion (we were already using version 9 features and the IDE complained about it, so the only change it does is suppress these warnings).
  4. Fixes lint issues that arose due to (2).
  5. Removes an unused and unmaintained dependency (vue-textarea-autosize).

A dependency that could not be upgraded to the latest version is webpack (it has only been upgraded to v4), as some dependencies only support up to webpack 4, and crash if used with webpack v5.

There are still a few high severity vulns due to the aforementioned libs that only support webpack 4. They can be reviewed in the future.

```
λ npm audit
# npm audit report

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install webpack@5.72.1, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack

5 high severity vulnerabilities
```

This PR closes:

cquintana92 added the dependencies label May 27, 2022
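Added example (not part of the PR or the project's code): the audit report above lists five high-severity entries, but they all stem from one advisory reached through webpack 4. The sketch below collapses `npm audit --json` output (npm 7+ report shape) to one record per advisory, with the chain to the direct dependency and whether the offered fix is a semver-major change. The sample object is constructed from the report text, and treating webpack as a direct dependency is an assumption.

```javascript
// Constructed sample shaped like `npm audit --json` (npm 7+) for the report above.
// Only the fields read below are included; webpack being a direct dependency is assumed.
const fix = { name: "webpack", version: "5.72.1", isSemVerMajor: true };
const entry = (name, via, effects, isDirect = false) =>
  ({ name, severity: "high", isDirect, via, effects, fixAvailable: fix });
const sampleAudit = { vulnerabilities: {
  "glob-parent": entry("glob-parent",
    [{ title: "Regular expression denial of service in glob-parent",
       url: "https://github.com/advisories/GHSA-ww39-953v-wcq6" }], ["chokidar"]),
  "chokidar": entry("chokidar", ["glob-parent"], ["watchpack-chokidar2"]),
  "watchpack-chokidar2": entry("watchpack-chokidar2", ["chokidar"], ["watchpack"]),
  "watchpack": entry("watchpack", ["watchpack-chokidar2"], ["webpack"]),
  "webpack": entry("webpack", ["watchpack"], [], true),
} };

// Walk `effects` upward and return every path that ends at a direct dependency.
function chainsToDirect(vulns, name, path = []) {
  const node = vulns[name];
  if (!node || path.includes(name)) return []; // unknown package or cycle
  const here = [...path, name];
  const viaParents = (node.effects || []).flatMap((p) => chainsToDirect(vulns, p, here));
  return node.isDirect ? [here, ...viaParents] : viaParents;
}

// One record per advisory: where it enters the tree and whether the fix is breaking.
function triage(audit) {
  const vulns = audit.vulnerabilities || {};
  return Object.values(vulns).flatMap((node) =>
    node.via.filter((v) => typeof v === "object").map((adv) => {
      const f = node.fixAvailable; // false, true, or { name, version, isSemVerMajor }
      return {
        package: node.name,
        severity: node.severity,
        advisory: adv.url,
        chains: chainsToDirect(vulns, node.name).map((c) => c.join(" > ")),
        fixTarget: f && f.name ? `${f.name}@${f.version}` : null,
        breakingFix: Boolean(f && f.isSemVerMajor),
      };
    }));
}

console.log(JSON.stringify(triage(sampleAudit), null, 2));
```

Records with `breakingFix: true` are the ones a plain `npm audit fix` will not resolve, so they are the entries to track as accepted risk until the blocking upgrade is possible.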
nguyenkims (Contributor) left a comment

LGTM, just left a question

cquintana92 force-pushed the chore/upgrade-dependencies branch from 6438ce4 to 297ef45 June 3, 2022 12:55

nguyenkims (Contributor) left a comment

LGTM!

nguyenkims merged commit 29046e2 into master Jun 3, 2022
cquintana92 added the enhancement label Jun 3, 2022