equinor / videx-wellog

Well log components
https://equinor.github.io/videx-wellog/
MIT License

Snyk: videx-wellog - August 2024 #264

Open GuillaumeVix opened 1 month ago

GuillaumeVix commented 1 month ago

Description

Recurring task to fix videx-wellog vulnerabilities.

Have a look at the equinor/videx-wellog vulnerabilities


How to test

Repository equinor/videx-wellog vulnerabilities should not have vulnerabilities equal or above 'Medium'.

Acceptance criteria

  1. Videx-wellog repository does not have any detected vulnerability equal or above 'Medium' (only 'low' are discarded)

VRiveland commented 2 weeks ago

Replaced some packages

jsdom => jest-environment-jsdom

This is the preferred way of setting up tests using jsdom, according to the jest docs

rollup-plugin-terser => @rollup/plugin-terser

The former is deprecated.

Some packages can't be updated yet

Eslint, same as in REP main repo, have to wait until the plugins support v9

Eslint-config-airbnb-base are working on it https://github.com/airbnb/javascript/issues/2961

Eslint-config-airbnb-typescript are working on it, but have to wait for the base before they can complete their tasks https://github.com/iamturns/eslint-config-airbnb-typescript/issues/331

Eslint-formatter-table - not working on it, hasn't been published in 3 years. I suggest we remove this dependency.

eslint-plugin-import - might be working on it https://github.com/import-js/eslint-plugin-import/issues/2948

Jest

v30 is in alpha stages, so the version we're using is still considered latest. Hopefully they update soon. The issues caused by jest are only medium severity though, so not too much of an issue yet.

copyfiles

Only medium severity issue, but the package also hasn't been updated in 4 years. Should any more serious issues appear we might want to consider replacing it.
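
The acceptance criterion in this issue (no finding at 'Medium' or above, 'low' discarded) can be checked mechanically. The following is an added example, not part of the thread or the project's code; it assumes a report shaped like `snyk test --json` output (a `vulnerabilities` array whose entries carry `id`, `packageName` and `severity`), and the sample report and its ids are constructed.

```javascript
// Severity labels ordered lowest to highest (assumed to match the report's labels).
const SEVERITY_ORDER = ['low', 'medium', 'high', 'critical'];

// Collect unique findings at or above `threshold`, grouped by package name.
function findingsAtOrAbove(report, threshold = 'medium') {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min === -1) throw new Error(`unknown threshold: ${threshold}`);
  const seen = new Set();
  const byPackage = new Map(); // Map avoids collisions with Object.prototype keys
  for (const vuln of report.vulnerabilities || []) {
    const rank = SEVERITY_ORDER.indexOf(String(vuln.severity).toLowerCase());
    // An unrecognised severity label counts as failing instead of being dropped.
    if (rank !== -1 && rank < min) continue;
    // The same issue can be listed once per dependency path; count it once.
    const key = `${vuln.packageName}:${vuln.id}`;
    if (seen.has(key)) continue;
    seen.add(key);
    if (!byPackage.has(vuln.packageName)) byPackage.set(vuln.packageName, []);
    byPackage.get(vuln.packageName).push({ id: vuln.id, severity: vuln.severity });
  }
  return byPackage;
}

// Gate result: ok is true only when nothing at or above the threshold remains.
function gate(report, threshold = 'medium') {
  const failing = findingsAtOrAbove(report, threshold);
  return { ok: failing.size === 0, failing };
}

// Constructed sample report; the ids are placeholders, not real advisories.
const sampleReport = {
  vulnerabilities: [
    { id: 'EXAMPLE-0001', packageName: 'jest', severity: 'medium' },
    { id: 'EXAMPLE-0001', packageName: 'jest', severity: 'medium' }, // second path
    { id: 'EXAMPLE-0002', packageName: 'copyfiles', severity: 'medium' },
    { id: 'EXAMPLE-0003', packageName: 'example-pkg', severity: 'low' },
  ],
};

const result = gate(sampleReport);
console.log(result.ok ? 'PASS' : 'FAIL', JSON.stringify([...result.failing]));
```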