Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: produce bare minimum dependency upgrade #3

Merged
merged 1 commit into from
Jan 24, 2025
Merged

feat: produce bare minimum dependency upgrade #3

merged 1 commit into from
Jan 24, 2025

Conversation

ChasNelson1990
Copy link
Member

@ChasNelson1990 ChasNelson1990 commented Jan 23, 2025
edited
Loading

Description

Before:

163 vulnerabilities (1 low, 126 moderate, 33 high, 3 critical)

After:

2 moderate severity vulnerabilities

Dependency Changes

I have basically manually gone through all the dependencies and found the most recent ones we can use that are compatible with:

  1. webpack v5
  2. compiling to old-style (pre-2015) JS
  3. the frictionless.js blob we use
  4. the giftless-cli latest dependency

Testing

I have tested this as part of a ZaRR local dev environment with no issues.

Checklist

  • The GitHub ticket for this issue has been updated to "Ready to Review" or equivalent.
  • I have developed these changes in discussion with the appropriate project manager.
  • My code follows the general Fjelltopp documentation (see Confluence).
  • I have made corresponding changes to the Fjelltopp documentation (see Confluence).
  • I have rebased this branch with master.
  • New dependency changes have been committed.
  • I have added automated tests that prove my fix is effective or that my feature works.
  • New and existing tests pass locally with my changes.
  • My changes generate no new warnings.
  • I have performed a self-review of my own code.
  • I have assigned at least one reviewer.
  • I have assigned at least one label to this PR: "patch", "minor", "major".

@ChasNelson1990 ChasNelson1990 added enhancement New feature or request minor labels Jan 23, 2025
@ChasNelson1990 ChasNelson1990 self-assigned this Jan 23, 2025
jonathansberry
jonathansberry previously approved these changes Jan 24, 2025
View reviewed changes
Copy link
Member

@jonathansberry jonathansberry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Base automatically changed from feat-make-it-so to main January 24, 2025 09:13
@ChasNelson1990 ChasNelson1990 dismissed jonathansberry’s stale review January 24, 2025 09:13

The base branch was changed.

@ChasNelson1990 ChasNelson1990 force-pushed the fix-produce-bare-minimum-dependency-upgrade branch from 8efa8db to 4910ba8 Compare January 24, 2025 09:19
@ChasNelson1990 ChasNelson1990 merged commit 3524b02 into main Jan 24, 2025
2 checks passed
@ChasNelson1990 ChasNelson1990 deleted the fix-produce-bare-minimum-dependency-upgrade branch January 24, 2025 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathansberry jonathansberry jonathansberry approved these changes

@cooper667 cooper667 Awaiting requested review from cooper667

Assignees

@ChasNelson1990 ChasNelson1990

Labels
enhancement New feature or request minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ChasNelson1990 @jonathansberry