fix: strf-8574, bump version of "github" package to fix security issues + refactor the related JS file #612

MaxGenash
Contributor

What?

Bumped version of the outdated npm module "github" (which was renamed to "@octokit/rest") to fix security vulnerabilities.
The newer version of the npm module had a lot of breaking changes, so I had to update our core as well (the first commit).
Also refactored the related JS file to use async/await instead of callbacks (the second commit).

Tickets / Documentation

This PR is a part of STRF-8574 (since there are going to be a lot of updates they will be split into several PRs).

@MaxGenash
Contributor Author

Actually, the module '/lib/release.js' is pretty messy.
It would be great to refactor it further and split into several classes/modules, e.g. GitService, GitHubService, ReleaseFilesService, release.js (main function + several utils) so that it becomes easier to read and coverable with tests (at the moment the file isn’t covered with tests).

But it can be done as the next step (to lighten this PR).

@MaxGenash MaxGenash requested a review from a team August 3, 2020 16:42
@MaxGenash MaxGenash self-assigned this Aug 3, 2020
@MaxGenash MaxGenash added the dependencies Pull requests that update a dependency file label Aug 3, 2020
@junedkazi
Contributor

@MaxGenash can you please rebase this branch?

@MaxGenash MaxGenash force-pushed the STRF-8574_Update-packages-on-Stencil-CLI-to-address-severity-issues--pr3 branch from 2feb3dd to 720fbb1 Compare August 3, 2020 17:37
@junedkazi junedkazi merged commit 52ce4ff into bigcommerce:master Aug 3, 2020