updating all gem and js dependencies for the main branch

CDLUC3 / dmptool

DMPTool version of the DMPRoadmap codebase

https://dmptool.org

MIT License

59 stars 13 forks source link

updating all gem and js dependencies for the main branch #630

Closed briri closed 4 months ago

briri commented 4 months ago

Just updating the main branch for all gem and JS dependencies to address Dependabot alerts

github-actions[bot] commented 4 months ago

	1 Warning
:warning:	This PR is too big! Consider breaking it down into smaller PRs.

Generated by :no_entry_sign: Danger

jupiter007 commented 4 months ago

@briri , I ran the command "npm audit fix --force", and noticed that it updated "puppeteer" to "^22.13.0" and tinymce version to "^7.2.1". I looked those packages up, and it does appear that the versions we are using now have some vulnerabilities. Also, "pa11y" and "pa11y-ci" versions were updated.

I know that we are not using the main branch, but I figured while you're in there we could also make those updates.

briri commented 4 months ago

ok agreed. I updated TinyMCE and Puppeteer and then I removed the devDependencies. They're not used

Jasmine and Mocha, there were only a few JS tests in the Rails (not React) code and they are never run
ESLint we don't run it against the Rails JS app/javascript
Pa11y we don't really use it anymore. It only checked the public facing pages and we had a thorough accessibility test for those pages with UCOP

I ran yarn audit and it is happy now

jupiter007 commented 4 months ago

Thanks Brian