Closed ngottlieb closed 1 year ago
OK, I've tackled a lot of the stuff indicated by npm audit and some others here and will submit a PR. I suggest we make additional specific tasks to cover further upgrading, in rough order of increasing complexity:

- vue-cli-plugin-apollo, an unmaintained library, and remove if not (many of our vulnerabilities come from this)
- vue-cli-service to 5.x (4->5 includes breaking changes; resolves many of our remaining audit vulnerabilities)

PR awaiting review. I've done some testing of these changes and have found no problems but probably best to have this sitting on beta (once reviewed) for a bit so staff can identify anything I might have missed.
ok, this is on beta now, just going to leave it there as we test other tasks and hopefully that will identify any issues (though I don't think there are any)
I created four new tasks to track the suggestions I made above:
@ngottlieb this is not testable with me. Roll it out if and when you are confident.
Github build process on Vue app broken #2658 made it clear that we are way behind on keeping our libraries up to date. At a minimum, we should check on the PRs submitted by dependabot, but we should also look at updating other packages where possible and consider creating another task to update Node (in the codebase and on beta/prod).