
Update dependencies #112

Conversation

@nandito (Collaborator) commented Oct 31, 2023

  • Bump jslib-media: The new version removes the legacy socket.io-client, which had a few
    security issues.
  • Autofix fixable security issues by running npx yarn-audit-fix

Installing browser-sdk

Run `yalc add @whereby.com/browser-sdk && npm i` in a new project.

| version | audit output                                               |
|---------|------------------------------------------------------------|
| beta1   | 7 vulnerabilities (1 moderate, 5 high, 1 critical)         |
| current | found 0 vulnerabilities                                    |

Yarn audit

Run `yarn audit` in this browser-sdk repo.

| version            | Vulnerabilities found | Packages audited | Severity: Moderate | Severity: High | Severity: Critical |
|--------------------|-----------------------|------------------|--------------------|----------------|--------------------|
| beta1              | 158                   | 2195             | 73                 | 47             | 38                 |
| current            | 55                    | 2200             | 46                 | 9              | 0                  |
| storybook upgrade* | 10                    | 1675             | 10                 | 0              | 0                  |

*Most of the remaining vulnerabilities are storybook related. I've spent some time trying to upgrade and migrate to the latest version. Most of the vulnerabilities disappeared, but everything broke (stories, tests, builds), because SB7 uses different babel/webpack configs. 😑 So I just reverted this upgrade for now.

Test plan

  1. Everything should work as before 🙈

Related task

whereby/jslib-media#29
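The PR description above reports `yarn audit` counts by hand and fixes what `yarn-audit-fix` can. The block below is an added example, not code from this PR or from the whereby/browser-sdk project: it parses the newline-delimited JSON that yarn classic (v1) prints for `yarn audit --json` and turns it into a CI gate that fails on advisories at or above a chosen severity. The record shapes (`auditAdvisory` / `auditSummary` and their fields) are written from memory of yarn 1's output and are an assumption to verify against your own `yarn audit --json`; the sample audit lines, package names and URLs are constructed for the example.

```javascript
// Added example (not part of the whereby/browser-sdk PR): parse yarn classic
// `yarn audit --json` output and gate a CI job on severity.
// Record shapes (`auditAdvisory`, `auditSummary`) are assumed from yarn 1's
// format; check the field names against your own audit output.
'use strict';

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Parse NDJSON lines. Blank or malformed lines are skipped rather than
// aborting, so a single bad line cannot turn a failing audit into a crash.
function parseAuditOutput(text) {
  const advisories = [];
  let summary = null;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    let record;
    try { record = JSON.parse(line); } catch (_err) { continue; }
    if (record.type === 'auditAdvisory' && record.data && record.data.advisory) {
      advisories.push(record.data.advisory);
    } else if (record.type === 'auditSummary') {
      summary = record.data;
    }
  }
  return { advisories, summary };
}

// Count per severity from the advisory records themselves rather than trusting
// the summary block, so the gate still works if the summary line is missing.
function countBySeverity(advisories) {
  const counts = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, 0]));
  for (const adv of advisories) {
    if (adv && Object.prototype.hasOwnProperty.call(counts, adv.severity)) counts[adv.severity] += 1;
  }
  return counts;
}

// Fail when any advisory is at or above `threshold`; return the offenders so
// the job log can name the module and advisory URL.
function gate(advisories, threshold = 'high') {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  const failing = advisories.filter((a) => SEVERITY_ORDER.indexOf(a.severity) >= min);
  return { ok: failing.length === 0, failing };
}

// Constructed sample of yarn 1 `yarn audit --json` output: two advisories, one
// junk line, and the trailing summary. Not real advisory data for any package.
const SAMPLE_AUDIT = [
  JSON.stringify({ type: 'auditAdvisory', data: { resolution: { id: 1, path: 'example-a' },
    advisory: { id: 1, module_name: 'example-a', severity: 'moderate',
      title: 'Constructed sample advisory', url: 'https://example.invalid/1' } } }),
  JSON.stringify({ type: 'auditAdvisory', data: { resolution: { id: 2, path: 'example-b>example-c' },
    advisory: { id: 2, module_name: 'example-c', severity: 'critical',
      title: 'Constructed sample advisory', url: 'https://example.invalid/2' } } }),
  'not json at all',
  JSON.stringify({ type: 'auditSummary', data: {
    vulnerabilities: { info: 0, low: 0, moderate: 1, high: 0, critical: 1 },
    dependencies: 2, devDependencies: 0, optionalDependencies: 0, totalDependencies: 2 } }),
].join('\n');

// Run the whole pipeline over the constructed sample at a given threshold.
function runSample(threshold = 'high') {
  const { advisories, summary } = parseAuditOutput(SAMPLE_AUDIT);
  const counts = countBySeverity(advisories);
  const result = gate(advisories, threshold);
  return { counts, summary, ok: result.ok, failing: result.failing };
}

const report = runSample('high');
console.log(`counts: ${JSON.stringify(report.counts)}`);
for (const a of report.failing) console.log(`FAIL ${a.severity}: ${a.module_name} (${a.url})`);
// In CI, feed real output in and set `process.exitCode = report.ok ? 0 : 1`.
```

In a pipeline you would pipe `yarn audit --json` into `parseAuditOutput` instead of `SAMPLE_AUDIT`. Counting from the advisory records rather than the summary is deliberate: it keeps the gate honest even when the summary line is absent or truncated, and the returned `failing` list gives the reviewer the same module/URL pairs the PR description had to collect by hand.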

@nandito nandito requested a review from a team October 31, 2023 14:49
@nandito nandito self-assigned this Oct 31, 2023
@nandito force-pushed the nandor/pan-428-fix-high-severity-and-critical-vulnerabilities branch from 44a4be3 to 36fbef0 on October 31, 2023 15:29, with these commit messages:

> The new version removes the legacy socket.io-client, which had a few
> security issues.

> ...by running `npx yarn-audit-fix`
@thyal (Member) left a comment


🍰 Nice!

@nandito nandito merged commit 963758a into development Nov 2, 2023
2 checks passed
@nandito nandito deleted the nandor/pan-428-fix-high-severity-and-critical-vulnerabilities branch November 2, 2023 12:24