Upgrade storybook & other outdated dependencies (#7681)

opencrvs · Sep 30, 2024 · 575a7e0 · 575a7e0
1 parent ac92ac7
commit 575a7e0
Show file tree

Hide file tree

Showing 8 changed files with 1,789 additions and 909 deletions.
diff --git a/.github/workflows/build-images-from-branch.yml b/.github/workflows/build-images-from-branch.yml
@@ -114,7 +114,11 @@ jobs:
           cache-to: type=inline
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        # Skip temporarily for non-develop branches because of
+        # a TOOMANYREQUESTS error failing the check
+        # https://github.com/aquasecurity/trivy/discussions/7591
+        if: ${{ needs.base.outputs.branch == 'develop' }}
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: 'opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.version }}'
           trivy-config: trivy.yaml
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
@@ -142,7 +142,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: 'fs'
           scan-ref: '.'

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -102,7 +102,7 @@ jobs:
             .trivyignore.yaml
           sparse-checkout-cone-mode: false
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: 'opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.version }}'
           trivy-config: trivy.yaml
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -53,3 +53,13 @@ vulnerabilities:
     statement: Transitive dependency of lint-staged, jest and msw. Not running in production. Likely fixed by upgrading.
   - id: CVE-2024-37890
     statement: ws vulnerability, transitive dependency of jest, storybook, graphql-codegen, not running in production.
+  - id: CVE-2024-45296
+    statement: Transitive dependency of react-router 5.3.4. Only affects client-side code ocrvs-7682
+  - id: CVE-2024-47068
+    statement: Transitive dependency of Vite. Not run in production and there is currently no fix.
+  - id: CVE-2024-7254
+    statement: Metabase v0.46 vulnerability, fixed in Metabase v0.50 ocrvs-6607
+  - id: CVE-2024-41909
+    statement: Metabase v0.46 vulnerability, fixed in Metabase v0.50 ocrvs-6607
+  - id: CVE-2024-22871
+    statement: Metabase v0.46 vulnerability, fixed in Metabase v0.50 ocrvs-6607
diff --git a/packages/client/package.json b/packages/client/package.json
@@ -93,7 +93,7 @@
     "sanitize-html": "^2.4.0",
     "styled-components": "^5.2.0",
     "tsconfig-paths": "^3.13.0",
-    "vite": "^5.0.0",
+    "vite": "^5.4.8",
     "vite-plugin-svgr": "^0.6.0",
     "vite-tsconfig-paths": "^3.5.0",
     "webfontloader": "^1.6.28",

diff --git a/packages/components/.storybook/main.ts b/packages/components/.storybook/main.ts
@@ -14,12 +14,6 @@ import type { StorybookConfig } from '@storybook/react-vite'
 const viteFinal = async (config: Record<string, any>) => {
   // return the customized config
   return mergeConfig(config, {
-    // customize the Vite config here
-    resolve: {
-      alias: {
-        crypto: 'crypto-js'
-      }
-    },
     build: {
       minify: false,
       sourcemap: false

diff --git a/packages/components/package.json b/packages/components/package.json
@@ -6,7 +6,7 @@
   "license": "MPL-2.0",
   "private": true,
   "dependencies": {
-    "@storybook/core-server": "^7.0.2",
+    "@storybook/core-server": "^7.6.17",
     "css-animation": "^2.0.4",
     "jest": "27.5.1",
     "patch-package": "^6.1.2",
@@ -47,16 +47,16 @@
     ]
   },
   "devDependencies": {
-    "@storybook/addon-a11y": "^7.0.2",
-    "@storybook/addon-actions": "^7.0.2",
-    "@storybook/addon-docs": "^7.0.2",
-    "@storybook/addon-essentials": "^7.0.2",
-    "@storybook/addon-links": "^7.0.2",
-    "@storybook/manager-api": "^7.0.2",
-    "@storybook/node-logger": "^7.0.2",
-    "@storybook/react": "^7.0.2",
-    "@storybook/react-vite": "^7.0.2",
-    "@storybook/theming": "^7.0.2",
+    "@storybook/addon-a11y": "^7.6.17",
+    "@storybook/addon-actions": "^7.6.17",
+    "@storybook/addon-docs": "^7.6.17",
+    "@storybook/addon-essentials": "^7.6.17",
+    "@storybook/addon-links": "^7.6.17",
+    "@storybook/manager-api": "^7.6.17",
+    "@storybook/node-logger": "^7.6.17",
+    "@storybook/react": "^7.6.17",
+    "@storybook/react-vite": "^7.6.17",
+    "@storybook/theming": "^7.6.17",
     "@types/jest": "^26.0.14",
     "@types/lodash": "^4.14.126",
     "@types/node": "^10.12.5",
@@ -76,7 +76,7 @@
     "lint-staged": "^15.0.0",
     "prettier": "2.8.8",
     "rimraf": "^5.0.0",
-    "storybook": "^7.0.2",
+    "storybook": "^7.6.17",
     "stylelint": "^14.11.0",
     "stylelint-config-recommended": "^9.0.0",
     "stylelint-config-styled-components": "^0.1.1",

diff --git a/yarn.lock b/yarn.lock