Giveth / giveth-dapp

Giveth Dapp for crowdfunding and managing donations on the Ethereum blockchain.
https://beta.giveth.io
GNU General Public License v3.0
360 stars 230 forks

Security vulnerability assessment #839

Open arbreton opened 5 years ago

arbreton commented 5 years ago

Some dependencies of the org repos might be vulnerable to certain attacks and need to be reviewed.

aminlatifi commented 4 years ago

I tried to upgrade mongodb and mongoose on feathers, but they're not compatible with the feathersjs packages. I think we should upgrade them together.

aminlatifi commented 4 years ago

Most of the critical and high vulnerabilities are in obsolete packages used by our smart-contract-related packages (lpp-campaign, liquidpledging, etc.). Especially the bridge repo is one of them; its packages need to be upgraded. @arbreton Do you have any idea how to run the bridge locally to test the bridge repo? I tried once but I couldn't.
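One way to do the "critical and high" triage mentioned above mechanically, as an added example that is not code from the Giveth repos or from this thread. It takes the JSON that `npm audit --json` emits (assuming the npm 7+ report shape, `auditReportVersion: 2`, where an entry's `via` holds advisory objects for a root cause and package-name strings for a transitive one, and `effects` lists the packages that depend on it), keeps only root advisories at or above a chosen severity, and follows each one's `effects` chain up to the direct dependencies that actually have to be bumped or replaced. The report it runs on is a constructed sample with fictitious package names, not a real audit of any Giveth package.

```javascript
// Added example (not Giveth code). Triage an `npm audit --json` report
// (assumed npm 7+ shape, "auditReportVersion": 2) by root advisory and severity.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Walk `effects` upward from `name` and collect every direct dependency reached;
// these are the package.json entries that must change to clear the advisory.
function directDependentsOf(vulnerabilities, name) {
  const seen = new Set();
  const direct = new Set();
  const queue = [name];
  while (queue.length) {
    const current = queue.shift();
    if (seen.has(current)) continue;
    seen.add(current);
    const entry = vulnerabilities[current];
    if (!entry) continue;
    if (entry.isDirect) direct.add(current);
    queue.push(...(entry.effects || []));
  }
  return [...direct].sort();
}

// Root advisories (entries whose `via` carries an advisory object) at or above
// `minSeverity`, highest severity first.
function rootAdvisories(report, minSeverity = 'high') {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const vulns = (report && report.vulnerabilities) || {};
  return Object.values(vulns)
    .filter((v) => (v.via || []).some((x) => typeof x === 'object')) // root causes only
    .filter((v) => (SEVERITY_RANK[v.severity] || 0) >= threshold)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      vulnerableRange: v.range,
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.title),
      directDependents: directDependentsOf(vulns, v.name),
      // npm emits true, false, or an object describing the fix (possibly a major bump)
      fixAvailable: v.fixAvailable !== false,
      breakingFix: typeof v.fixAvailable === 'object' && v.fixAvailable.isSemVerMajor === true,
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
}

// CI gate: fails while any root advisory at or above the threshold remains.
function auditGate(report, minSeverity = 'high') {
  const findings = rootAdvisories(report, minSeverity);
  return { pass: findings.length === 0, findings };
}

// Constructed sample report (fictitious package names; not a real audit result).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    // root cause reached through pkg-middle -> pkg-top; only fixable by a major bump of pkg-top
    'pkg-deep': { name: 'pkg-deep', severity: 'critical', isDirect: false, range: '<1.2.0',
      via: [{ name: 'pkg-deep', title: 'Constructed advisory 1', severity: 'critical', range: '<1.2.0' }],
      effects: ['pkg-middle'], fixAvailable: { name: 'pkg-top', version: '3.0.0', isSemVerMajor: true } },
    'pkg-middle': { name: 'pkg-middle', severity: 'critical', isDirect: false, range: '<=2.4.1',
      via: ['pkg-deep'], effects: ['pkg-top'], fixAvailable: { name: 'pkg-top', version: '3.0.0', isSemVerMajor: true } },
    'pkg-top': { name: 'pkg-top', severity: 'critical', isDirect: true, range: '<=2.1.0',
      via: ['pkg-middle'], effects: [], fixAvailable: { name: 'pkg-top', version: '3.0.0', isSemVerMajor: true } },
    // direct dependency with its own advisory and a non-breaking fix
    'pkg-lint': { name: 'pkg-lint', severity: 'moderate', isDirect: true, range: '<4.1.1',
      via: [{ name: 'pkg-lint', title: 'Constructed advisory 2', severity: 'moderate', range: '<4.1.1' }],
      effects: [], fixAvailable: true },
    // obsolete package with no published fix, pulled in by a direct dependency
    'pkg-old': { name: 'pkg-old', severity: 'high', isDirect: false, range: '*',
      via: [{ name: 'pkg-old', title: 'Constructed advisory 3', severity: 'high', range: '*' }],
      effects: ['pkg-contract'], fixAvailable: false },
    'pkg-contract': { name: 'pkg-contract', severity: 'high', isDirect: true, range: '*',
      via: ['pkg-old'], effects: [], fixAvailable: false },
  },
};

// Stand-alone run: print what a reviewer would act on for the sample report.
const { pass, findings } = auditGate(SAMPLE_REPORT, 'high');
for (const f of findings) {
  const fix = !f.fixAvailable ? 'no fix published, replace the package'
    : f.breakingFix ? 'fix is a major bump' : 'fix available';
  console.log(`${f.severity.toUpperCase()} ${f.name} ${f.vulnerableRange} -> bump ${f.directDependents.join(', ')} (${fix})`);
}
console.log(pass ? 'audit gate: pass' : 'audit gate: FAIL');
```

Feed it real output with `npm audit --json > audit.json` and `JSON.parse` the file in place of `SAMPLE_REPORT`; a CI wrapper would exit non-zero on `pass === false`. The `breakingFix` flag is the practical signal from this thread: a root advisory whose only fix is a semver-major bump of a direct dependency is exactly the case where the dependent packages have to be upgraded and tested together rather than bumped one at a time.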

GriffGreen commented 4 years ago

Big move forward on mongoDB... might be easier now

GriffGreen commented 4 years ago

define a new NPM name space for Giveth....

So we can upload our packages there...

GriffGreen commented 4 years ago

1298 is a dependency

horus2021 commented 4 years ago

@aminlatifi @GriffGreen you have created a new Giveth NPM namespace based on chats in Telegram. Does this measure help us to close this issue?

GriffGreen commented 4 years ago

SOOO MUCH WORK!!

SOO MUCH TECHNICAL DEBT!

Claim Bankruptcy...

papermache commented 3 years ago

Close this outright?

aminlatifi commented 3 years ago

@mdehghani Let's start with repos used here: https://github.com/Giveth/giveth-dapp/blob/develop/src/lib/blockchain/getNetwork.js


As discussed, upgrade the repos' dependencies and test the new versions together on feathers and giveth-dapp.

Repos:

https://github.com/Giveth/lpp-campaign
https://github.com/Giveth/liquidpledging
https://github.com/Giveth/lpp-milestone // I am not sure where this one is used
https://github.com/Giveth/lpp-milestones
https://github.com/Giveth/lpp-capped-milestone
https://github.com/Giveth/giveth-bridge