Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client/ts-web: bump vulnerable subdependencies #1576

Merged
merged 2 commits into from
Dec 7, 2023
Merged

client/ts-web: bump vulnerable subdependencies #1576

merged 2 commits into from
Dec 7, 2023

Conversation

lukaw3d
Copy link
Member

@lukaw3d lukaw3d commented Dec 6, 2023

No description provided.

@lukaw3d lukaw3d requested a review from lubej December 6, 2023 20:59
@codecov Codecov
Copy link

codecov bot commented Dec 6, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (cdd5e4a) 60.41% compared to head (701c9bf) 60.41%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1576   +/-   ##
=======================================
  Coverage   60.41%   60.41%           
=======================================
  Files         139      139           
  Lines        9949     9949           
=======================================
  Hits         6011     6011           
  Misses       3896     3896           
  Partials       42       42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

pro-wh
pro-wh approved these changes Dec 6, 2023
View reviewed changes
Copy link
Contributor

@pro-wh pro-wh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • dev: true
  • I don't like babel in this codebase anyway
  • not gonna look at package-lock.json changes or dependency changelogs

@lubej
Copy link

lubej commented Dec 7, 2023

Alternative created by dependabot of 392d1e0 -> #1578

@lubej
Copy link

lubej commented Dec 7, 2023
edited
Loading

There is still this report of https://github.com/oasisprotocol/explorer/security/dependabot/41 protobufjs, which I don't see updated.

Ah I see it fixed in #1431 disregard.

Looks like we are still referencing @oasisprotocol/client@^0.1.1-alpha.1 https://github.com/oasisprotocol/explorer/blob/master/yarn.lock#L3009

Looks like this PR 01d5f9e hasn't been released because https://registry.yarnpkg.com/@oasisprotocol/client-rt/-/client-rt-0.2.1-alpha.2.tgz returns different package.json(containing "@oasisprotocol/client" "^0.1.1-alpha.1"), which does not reflect the changes on master. So all is needed is another release of @oasisprotocol/client-rt package.

@lukaw3d lukaw3d enabled auto-merge December 7, 2023 13:28
@lukaw3d lukaw3d merged commit 796bcf9 into main Dec 7, 2023
28 checks passed
@lukaw3d lukaw3d deleted the lw/ts-deps branch December 7, 2023 13:50
github-actions bot added a commit that referenced this pull request Dec 7, 2023
@github-actions
Deploy js API reference Merge pull request #1576 from oasisprotocol/l…
3d25425 
…w/ts-deps

client/ts-web: bump vulnerable subdependencies 796bcf9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pro-wh pro-wh pro-wh approved these changes

@lubej lubej lubej approved these changes

@ptrus ptrus ptrus approved these changes

@kostko kostko Awaiting requested review from kostko kostko is a code owner

@peternose peternose Awaiting requested review from peternose peternose is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lukaw3d @lubej @ptrus @pro-wh