[x] The title includes the type of change [HOTFIX, FEATURE, etc]
[x] The PR title includes the ticket number in format of [NRPTI-###]
[x] Documentation is updated to reflect change
Description
This PR includes the following proposed change(s):
There were 17 critical vulnerabilities identified by npm audit. 14 of those have been addressed by the changes listed below.
Updated babel translator packages (dependency of jest)
Updated express version
Running npm audit fix applied non-breaking updates to several other packages
Not Done:
Update mongoose to >=5.13.20
Despite showing no breaking changes, updating to >=5.13.4 causes 2 test suites (nris datasource tests) to not run. They fail with the error require-at: not a directory: <my-project-dir>/api. The actual functionality that these tests describe appear to all work as intended on this version, but I was unable to diagnose what was causing the tests to fail.
This thread shows testers of the reported vulnerability unable to reproduce its affects. Given the time already invested in trying to resolve, and the evidence that the reported vulnerability is not actually 'critical', I am leaving this update undone.
Pull Request Standards
HOTFIX
,FEATURE
,etc
][NRPTI-###]
Description
This PR includes the following proposed change(s): There were 17 critical vulnerabilities identified by
npm audit
. 14 of those have been addressed by the changes listed below.npm audit fix
applied non-breaking updates to several other packagesNot Done:
Update mongoose to >=5.13.20
require-at: not a directory: <my-project-dir>/api
. The actual functionality that these tests describe appear to all work as intended on this version, but I was unable to diagnose what was causing the tests to fail.Update BSON to >=1.1.4