Open getvictor opened 3 months ago
@lukeheath
Notes from the discussion we had today mostly around YAML 1.1 vs 1.2:
yes/no/on/off as booleans.
yes/no/on/off for booleans. (TODO: confirm.)
/cc @noahtalerman @getvictor
@getvictor @lucasmrod Thanks for creating this ticket! I'm on board with keeping dependencies up to date. Moving to YAML 1.2 makes sense to me, but because it would have user-facing implications, I'm adding this to the feature fest board so @noahtalerman can consider the impact and when it makes sense to bring it into drafting. If either of y'all can attend the next feature fest, it would help get it prioritized, as I imagine Noah will have questions.
Hey @lukeheath! I met w/ @lucasmrod and @getvictor.
Makes sense to bring the YAML update as its own story through feature fest.
- It seems nowhere in our docs we advise to use yes/no/on/off for booleans. (TODO: confirm.)
- Will Fleet break if we drop support for YAML 1.1 and a user is using YAML 1.1? (TODO: check.)
Plan is to update to YAML 1.2 if (1) from the above is confirmed and we know we won't break any of Fleet's interfaces.
If that's not the case, we'll reconsider making the update.
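One way to approach the second TODO check above, as an added Go example that is not Fleet's code or part of the original comments: scan existing YAML for unquoted scalars that the YAML 1.1 bool type reads as booleans and the YAML 1.2 core schema reads as strings. `Finding`, `Scan` and the sample config are hypothetical names and constructed data; the scan is a line-based heuristic for block-style YAML, not a full parser.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is a plain scalar that YAML 1.1 reads as a boolean and YAML 1.2 as a string.
type Finding struct {
	Line   int    // 1-based line number
	Where  string // "key" or "value"
	Scalar string
}

// YAML 1.1 bool spellings that the YAML 1.2 core schema reads as strings
// (true/false stay booleans in both), and block scalar headers such as "|" or ">-".
var yaml11OnlyBool = regexp.MustCompile(`^(y|Y|yes|Yes|YES|n|N|no|No|NO|on|On|ON|off|Off|OFF)$`)
var blockHeader = regexp.MustCompile(`^[|>][0-9+-]*$`)

func indent(s string) int { return len(s) - len(strings.TrimLeft(s, " ")) }

// plain drops a trailing comment and returns the scalar, or "" if it is quoted.
func plain(s string) string {
	s = strings.TrimSpace(s)
	if strings.HasPrefix(s, `"`) || strings.HasPrefix(s, "'") {
		return ""
	}
	s, _, _ = strings.Cut(s, " #")
	return strings.TrimSpace(s)
}

// Scan skips comments, quoted scalars and block scalar bodies; flow collections are not parsed.
func Scan(doc string) []Finding {
	var out []Finding
	blockIndent := -1 // indentation of the line that opened a block scalar, or -1
	for n, line := range strings.Split(doc, "\n") {
		s := strings.TrimSpace(line)
		if s == "" || strings.HasPrefix(s, "#") {
			continue
		}
		if blockIndent >= 0 && indent(line) > blockIndent {
			continue // still inside the block scalar body
		}
		blockIndent = -1
		s = strings.TrimSpace(strings.TrimPrefix(s, "- ")) // sequence item marker
		key, val, ok := strings.Cut(s+" ", ": ")           // the added space also catches "key:"
		if !ok {
			key, val = "", s
		}
		if k := plain(key); yaml11OnlyBool.MatchString(k) {
			out = append(out, Finding{n + 1, "key", k})
		}
		v := plain(val)
		if blockHeader.MatchString(v) {
			blockIndent = indent(line)
		} else if yaml11OnlyBool.MatchString(v) {
			out = append(out, Finding{n + 1, "value", v})
		}
	}
	return out
}

// Constructed sample config; the keys are illustrative, not Fleet's schema.
const sample = `enable_feature: yes
label: "no"  # quoted: string in both versions
on: startup
modes:
  - off
script: |
  yes
country: NO  # Norway
`

func main() {
	for _, f := range Scan(sample) {
		fmt.Printf("line %d: %s %q is a boolean in YAML 1.1, a string in YAML 1.2\n", f.Line, f.Where, f.Scalar)
	}
}
```

Each finding is a place where the parsed type would change after the upgrade; quoting the scalar or rewriting it as true/false gives the same result under both versions.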
Hey @getvictor and @lucasmrod do we have a separate story for the YAML update? I think we decided to bring only the YAML update through feature fest.
We should schedule a task to update our code library dependencies regularly (once a quarter?) for:
- Go
- Frontend
- fleetd-chrome
- others?
This story sounds like a new engineering-initiated ritual. Removing this issue from feature fest and adding ~engineering-initiated so that it gets in Luke's queue. I think it's up to @lukeheath to prioritize.
@sharon-fdm I am prioritizing this story for estimation. Per @noahtalerman's notes, please update this story to cover everything except the dependencies that require us to update to YAML 1.2. Then, create a separate story for the YAML 1.2 updates and bring that to feature fest. Thanks!
@lukeheath I need to double-check but I believe the vulnerable libs will require YAML 1.2. Will keep this ticket updated with the discussion.
@sharon-fdm I was confused, I just chatted with Noah on Feature Fest. We only need to take through product if there is a customer-facing change. If not, we can update within engineering.
@sharon-fdm I removed the frontend portion of the dependencies because there is less security risk there, and there's no strong reason to spend so much effort updating frontend dependencies right now.
The backend estimates are a bit more manageable though, and also present a higher security risk, so this is still worth considering. I am not prioritizing right now in favor of other work.
@lukeheath makes sense. We can start with the backend deps.
I calculated libyear for our dependencies. libyear is the cumulative age of our dependencies (compared to their current stable releases).
component | libyear |
---|---|
Backend | 132.87 |
Frontend | 247.03 |
fleetd-chrome | 21.55 |
Most out-of-date frontend dependency (7.66 libyears): classnames
Most out-of-date backend dependency (5.28 libyears): etree
Frontend report
┌─────────┬───────────────────────────────────────────────────────┬───────┬───────┬──────────┬───────┬───────┬───────┬────────────────┐
│ (index) │ dependency │ drift │ pulse │ releases │ major │ minor │ patch │ available │
├─────────┼───────────────────────────────────────────────────────┼───────┼───────┼──────────┼───────┼───────┼───────┼────────────────┤
│ 0 │ '@babel/cli' │ 2.18 │ 0.05 │ 18 │ 0 │ 7 │ 11 │ '7.24.5' │
│ 1 │ '@babel/core' │ 1.74 │ 0.05 │ 40 │ 0 │ 6 │ 34 │ '7.24.5' │
│ 2 │ '@babel/plugin-proposal-class-properties' │ 0.49 │ 1.12 │ 2 │ 0 │ 2 │ 0 │ '7.18.6' │
│ 3 │ '@babel/plugin-proposal-decorators' │ 2.11 │ 0.11 │ 33 │ 0 │ 7 │ 26 │ '7.24.1' │
│ 4 │ '@babel/plugin-proposal-do-expressions' │ 2.21 │ 0.11 │ 4 │ 0 │ 4 │ 0 │ '7.24.1' │
│ 5 │ '@babel/plugin-proposal-export-default-from' │ 2.21 │ 0.11 │ 8 │ 0 │ 5 │ 3 │ '7.24.1' │
│ 6 │ '@babel/plugin-proposal-export-namespace-from' │ 0.54 │ 1.12 │ 3 │ 0 │ 2 │ 1 │ '7.18.9' │
│ 7 │ '@babel/plugin-proposal-function-bind' │ 2.21 │ 0.11 │ 6 │ 0 │ 4 │ 2 │ '7.24.1' │
│ 8 │ '@babel/plugin-proposal-function-sent' │ 2.21 │ 0.11 │ 6 │ 0 │ 5 │ 1 │ '7.24.1' │
│ 9 │ '@babel/plugin-proposal-json-strings' │ 0.49 │ 1.12 │ 2 │ 0 │ 2 │ 0 │ '7.18.6' │
│ 10 │ '@babel/plugin-proposal-logical-assignment-operators' │ 0.97 │ 1.12 │ 4 │ 0 │ 3 │ 1 │ '7.20.7' │
│ 11 │ '@babel/plugin-proposal-nullish-coalescing-operator' │ 0.49 │ 1.12 │ 2 │ 0 │ 2 │ 0 │ '7.18.6' │
│ 12 │ '@babel/plugin-proposal-numeric-separator' │ 0.49 │ 1.12 │ 1 │ 0 │ 1 │ 0 │ '7.18.6' │
│ 13 │ '@babel/plugin-proposal-optional-chaining' │ 1.14 │ 1.12 │ 5 │ 0 │ 4 │ 1 │ '7.21.0' │
│ 14 │ '@babel/plugin-proposal-pipeline-operator' │ 2.07 │ 0.11 │ 8 │ 0 │ 4 │ 4 │ '7.24.1' │
│ 15 │ '@babel/plugin-proposal-throw-expressions' │ 2.21 │ 0.11 │ 4 │ 0 │ 4 │ 0 │ '7.24.1' │
│ 16 │ '@babel/plugin-syntax-dynamic-import' │ 0 │ 4.34 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 17 │ '@babel/plugin-syntax-import-meta' │ 0 │ 3.88 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 18 │ '@babel/preset-env' │ 1 │ 0.05 │ 24 │ 0 │ 3 │ 21 │ '7.24.5' │
│ 19 │ '@babel/preset-react' │ 1.72 │ 0.11 │ 6 │ 0 │ 3 │ 3 │ '7.24.1' │
│ 20 │ '@babel/preset-typescript' │ 0.89 │ 0.11 │ 7 │ 0 │ 3 │ 4 │ '7.24.1' │
│ 21 │ '@storybook/addon-a11y' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 22 │ '@storybook/addon-actions' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 23 │ '@storybook/addon-designs' │ 0.71 │ 0.04 │ 6 │ 1 │ 0 │ 5 │ '8.0.1' │
│ 24 │ '@storybook/addon-essentials' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 25 │ '@storybook/addon-links' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 26 │ '@storybook/addon-mdx-gfm' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 27 │ '@storybook/react-webpack5' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 28 │ '@storybook/react' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 29 │ '@storybook/test-runner' │ 0.76 │ 0 │ 8 │ 0 │ 5 │ 3 │ '0.18.0' │
│ 30 │ '@testing-library/jest-dom' │ 0.24 │ 0.04 │ 3 │ 0 │ 0 │ 3 │ '6.4.5' │
│ 31 │ '@testing-library/react' │ 0.07 │ 0.03 │ 5 │ 0 │ 0 │ 5 │ '15.0.7' │
│ 32 │ '@testing-library/user-event' │ 0 │ 0.38 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 33 │ '@tsconfig/recommended' │ 3.66 │ 0.11 │ 5 │ 0 │ 0 │ 5 │ '1.0.6' │
│ 34 │ '@types/chrome' │ 0.96 │ 0.02 │ 31 │ 0 │ 0 │ 31 │ '0.0.268' │
│ 35 │ '@types/classnames' │ 4.43 │ 3.07 │ 14 │ 1 │ 1 │ 12 │ '2.3.1' │
│ 36 │ '@types/dompurify' │ 0.55 │ 0.53 │ 3 │ 0 │ 0 │ 3 │ '3.0.5' │
│ 37 │ '@types/expect' │ 1.69 │ 4.53 │ 2 │ 1 │ 0 │ 1 │ '24.3.0' │
│ 38 │ '@types/file-saver' │ 1.82 │ 0.53 │ 2 │ 0 │ 0 │ 2 │ '2.0.7' │
│ 39 │ '@types/jest' │ 0 │ 0.29 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 40 │ '@types/js-md5' │ 2.33 │ 0.53 │ 3 │ 0 │ 1 │ 2 │ '0.7.2' │
│ 41 │ '@types/js-yaml' │ 1.97 │ 0.52 │ 4 │ 0 │ 0 │ 4 │ '4.0.9' │
│ 42 │ '@types/lodash' │ 2.22 │ 0 │ 28 │ 0 │ 1 │ 27 │ '4.17.4' │
│ 43 │ '@types/memoize-one' │ 0 │ 4.55 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 44 │ '@types/mocha' │ 5.8 │ 0.48 │ 32 │ 5 │ 4 │ 23 │ '10.0.6' │
│ 45 │ '@types/node' │ 2.24 │ 0.01 │ 642 │ 5 │ 36 │ 601 │ '20.12.12' │
│ 46 │ '@types/prop-types' │ 2.71 │ 0.15 │ 8 │ 0 │ 0 │ 8 │ '15.7.12' │
│ 47 │ '@types/react-dom' │ 1 │ 0.06 │ 26 │ 0 │ 1 │ 25 │ '18.3.0' │
│ 48 │ '@types/react-router' │ 0.93 │ 1.4 │ 66 │ 2 │ 2 │ 62 │ '5.1.20' │
│ 49 │ '@types/react-select' │ 3.19 │ 2.63 │ 79 │ 4 │ 1 │ 74 │ '5.0.1' │
│ 50 │ '@types/react-table' │ 2.41 │ 0.16 │ 13 │ 0 │ 0 │ 13 │ '7.7.20' │
│ 51 │ '@types/react-tabs' │ 0.32 │ 2.08 │ 6 │ 1 │ 0 │ 5 │ '5.0.5' │
│ 52 │ '@types/react-tooltip' │ 0 │ 4.05 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 53 │ '@types/react' │ 0.18 │ 0.02 │ 19 │ 0 │ 1 │ 18 │ '18.3.2' │
│ 54 │ '@types/sockjs-client' │ 2.34 │ 0.52 │ 3 │ 0 │ 0 │ 3 │ '1.5.4' │
│ 55 │ '@types/uuid' │ 2.05 │ 0.31 │ 9 │ 1 │ 0 │ 8 │ '9.0.8' │
│ 56 │ '@types/validator' │ 0.26 │ 0.02 │ 1 │ 0 │ 0 │ 1 │ '13.11.10' │
│ 57 │ '@typescript-eslint/eslint-plugin' │ 1.09 │ 0 │ 62 │ 2 │ 34 │ 26 │ '7.9.0' │
│ 58 │ '@typescript-eslint/parser' │ 1.09 │ 0 │ 62 │ 2 │ 34 │ 26 │ '7.9.0' │
│ 59 │ 'ace-builds' │ 3.85 │ 0.01 │ 79 │ 0 │ 29 │ 50 │ '1.33.2' │
│ 60 │ 'autoprefixer' │ 0 │ 0.16 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 61 │ 'axios' │ 0.38 │ 0.02 │ 8 │ 0 │ 0 │ 8 │ '1.6.8' │
│ 62 │ 'babel-core' │ 0.45 │ 6.06 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 63 │ 'babel-eslint' │ 1.5 │ 4.22 │ 5 │ 1 │ 1 │ 3 │ '10.1.0' │
│ 64 │ 'babel-jest' │ 0.91 │ 0.01 │ 15 │ 0 │ 5 │ 10 │ '29.7.0' │
│ 65 │ 'babel-loader' │ 1.71 │ 0.86 │ 9 │ 1 │ 2 │ 6 │ '9.1.3' │
│ 66 │ 'babel-plugin-dynamic-import-node' │ 0 │ 4.07 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 67 │ 'bourbon' │ 4.51 │ 1.31 │ 5 │ 2 │ 3 │ 0 │ '7.3.0' │
│ 68 │ 'classnames' │ 7.66 │ 0.38 │ 8 │ 0 │ 3 │ 5 │ '2.5.1' │
│ 69 │ 'core-js' │ 1.68 │ 0.01 │ 31 │ 0 │ 12 │ 19 │ '3.37.1' │
│ 70 │ 'css-loader' │ 1.32 │ 0.1 │ 10 │ 1 │ 5 │ 4 │ '7.1.1' │
│ 71 │ 'date-fns' │ 2.22 │ 0.16 │ 19 │ 1 │ 8 │ 10 │ '3.6.0' │
│ 72 │ 'dompurify' │ 1.01 │ 0.02 │ 12 │ 0 │ 1 │ 11 │ '3.1.3' │
│ 73 │ 'es6-object-assign' │ 0 │ 7.16 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 74 │ 'es6-promise' │ 0 │ 4.94 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 75 │ 'esbuild-loader' │ 2.21 │ 0.19 │ 12 │ 2 │ 6 │ 4 │ '4.1.0' │
│ 76 │ 'eslint-config-airbnb' │ 4.42 │ 2.39 │ 15 │ 4 │ 4 │ 7 │ '19.0.4' │
│ 77 │ 'eslint-config-prettier' │ 1.75 │ 0.46 │ 7 │ 1 │ 6 │ 0 │ '9.1.0' │
│ 78 │ 'eslint-import-resolver-webpack' │ 5.43 │ 0.57 │ 15 │ 0 │ 3 │ 12 │ '0.13.8' │
│ 79 │ 'eslint-plugin-import' │ 1.94 │ 0.42 │ 11 │ 0 │ 4 │ 7 │ '2.29.1' │
│ 80 │ 'eslint-plugin-jest' │ 6.96 │ 0.04 │ 265 │ 8 │ 105 │ 152 │ '28.5.0' │
│ 81 │ 'eslint-plugin-jsx-a11y' │ 6.33 │ 0.54 │ 22 │ 1 │ 8 │ 13 │ '6.8.0' │
│ 82 │ 'eslint-plugin-prettier' │ 2.39 │ 0.35 │ 10 │ 2 │ 3 │ 5 │ '5.1.3' │
│ 83 │ 'eslint-plugin-react-hooks' │ 2.46 │ 0 │ 5 │ 0 │ 3 │ 2 │ '4.6.2' │
│ 84 │ 'eslint-plugin-react' │ 2 │ 0.17 │ 23 │ 0 │ 5 │ 18 │ '7.34.1' │
│ 85 │ 'eslint-plugin-storybook' │ 0.99 │ 0.25 │ 6 │ 0 │ 2 │ 4 │ '0.8.0' │
│ 86 │ 'eslint' │ 2.76 │ 0.04 │ 65 │ 2 │ 59 │ 4 │ '9.2.0' │
│ 87 │ 'expect' │ 7.2 │ 0.01 │ 109 │ 9 │ 44 │ 56 │ '29.7.0' │
│ 88 │ 'express' │ 0 │ 0.14 │ 0 │ 0 │ 0 │ 0 │ '5.0.0-beta.3' │
│ 89 │ 'file-saver' │ 2.66 │ 3.49 │ 5 │ 1 │ 0 │ 4 │ '2.0.5' │
│ 90 │ 'fork-ts-checker-webpack-plugin' │ 1.91 │ 0.55 │ 26 │ 3 │ 3 │ 20 │ '9.0.2' │
│ 91 │ 'history' │ 5.84 │ 2.23 │ 34 │ 3 │ 15 │ 16 │ '5.3.0' │
│ 92 │ 'html-webpack-plugin' │ 2.15 │ 0.41 │ 5 │ 0 │ 1 │ 4 │ '5.6.0' │
│ 93 │ 'identity-obj-proxy' │ 0 │ 7.79 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 94 │ 'ignore-styles' │ 0 │ 7.72 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 95 │ 'isomorphic-fetch' │ 0 │ 3.65 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 96 │ 'jest-environment-jsdom-sixteen' │ 1.11 │ 3.07 │ 1 │ 1 │ 0 │ 0 │ '2.0.0' │
│ 97 │ 'jest-environment-jsdom' │ 0.91 │ 0.01 │ 15 │ 0 │ 5 │ 10 │ '29.7.0' │
│ 98 │ 'jest' │ 0.91 │ 0.01 │ 15 │ 0 │ 5 │ 10 │ '29.7.0' │
│ 99 │ 'js-md5' │ 5.81 │ 0.6 │ 4 │ 0 │ 1 │ 3 │ '0.8.3' │
│ 100 │ 'js-yaml' │ 0.35 │ 3.09 │ 2 │ 1 │ 1 │ 0 │ '4.1.0' │
│ 101 │ 'jsdom' │ 2.47 │ 0.32 │ 21 │ 8 │ 5 │ 8 │ '24.0.0' │
│ 102 │ 'json-loader' │ 0 │ 6.82 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 103 │ 'lodash' │ 0 │ 3.23 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 104 │ 'memoize-one' │ 0.49 │ 2.57 │ 1 │ 1 │ 0 │ 0 │ '6.0.0' │
│ 105 │ 'mini-css-extract-plugin' │ 1.08 │ 0.08 │ 5 │ 0 │ 2 │ 3 │ '2.9.0' │
│ 106 │ 'msw' │ 1.59 │ 0.02 │ 61 │ 2 │ 8 │ 51 │ '2.3.0' │
│ 107 │ 'node-bourbon' │ 0 │ 8.15 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 108 │ 'node-sass-glob-importer' │ 0 │ 0.88 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 109 │ 'node-sass' │ 0.52 │ 0.99 │ 1 │ 1 │ 0 │ 0 │ '9.0.0' │
│ 110 │ 'normalizr' │ 0 │ 2.16 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 111 │ 'postcss-loader' │ 2.79 │ 0.22 │ 26 │ 4 │ 9 │ 13 │ '8.1.1' │
│ 112 │ 'prettier' │ 3.18 │ 0.28 │ 33 │ 1 │ 8 │ 24 │ '3.2.5' │
│ 113 │ 'prop-types' │ 0 │ 2.36 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 114 │ 'proxy-middleware' │ 0 │ 8.56 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 115 │ 'rc-pagination' │ 5.69 │ 0.39 │ 87 │ 3 │ 16 │ 68 │ '4.0.4' │
│ 116 │ 'react-accessible-accordion' │ 0.71 │ 2.08 │ 2 │ 2 │ 0 │ 0 │ '5.0.0' │
│ 117 │ 'react-ace' │ 3.14 │ 0.15 │ 9 │ 2 │ 3 │ 4 │ '11.0.1' │
│ 118 │ 'react-docgen-typescript-plugin' │ 1.14 │ 0.14 │ 1 │ 0 │ 0 │ 1 │ '1.0.6' │
│ 119 │ 'react-dom' │ 1.86 │ 0 │ 2 │ 0 │ 1 │ 1 │ '18.3.1' │
│ 120 │ 'react-error-boundary' │ 2.34 │ 0.21 │ 14 │ 1 │ 0 │ 13 │ '4.0.13' │
│ 121 │ 'react-markdown' │ 1.56 │ 0.51 │ 6 │ 1 │ 0 │ 5 │ '9.0.1' │
│ 122 │ 'react-query' │ 0.41 │ 1.31 │ 14 │ 1 │ 5 │ 8 │ '4.0.0' │
│ 123 │ 'react-router-transition' │ 2.97 │ 3.3 │ 4 │ 1 │ 3 │ 0 │ '2.1.0' │
│ 124 │ 'react-router' │ 4.18 │ 0.02 │ 69 │ 3 │ 29 │ 37 │ '6.23.1' │
│ 125 │ 'react-select-5' │ NaN │ 0.33 │ 1 │ 1 │ 0 │ 0 │ 'N/A' │
│ 126 │ 'react-select' │ 5.29 │ 0.53 │ 61 │ 4 │ 17 │ 40 │ '5.8.0' │
│ 127 │ 'react-table' │ 1.05 │ 2 │ 1 │ 0 │ 1 │ 0 │ '7.8.0' │
│ 128 │ 'react-tabs' │ 1.71 │ 0.84 │ 12 │ 3 │ 5 │ 4 │ '6.0.2' │
│ 129 │ 'react-tooltip-5' │ NaN │ NaN │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 130 │ 'react-tooltip' │ 2.92 │ 0.02 │ 79 │ 1 │ 29 │ 49 │ '5.26.4' │
│ 131 │ 'react' │ 1.86 │ 0 │ 2 │ 0 │ 1 │ 1 │ '18.3.1' │
│ 132 │ 'regenerator-runtime' │ 2.4 │ 0.42 │ 4 │ 0 │ 1 │ 3 │ '0.14.1' │
│ 133 │ 'remark-gfm' │ 1.87 │ 0.66 │ 1 │ 1 │ 0 │ 0 │ '4.0.0' │
│ 134 │ 'sass-loader' │ 1.05 │ 0.08 │ 9 │ 1 │ 3 │ 5 │ '14.2.1' │
│ 135 │ 'select' │ 0 │ 7.27 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 136 │ 'sockjs-client' │ 0 │ 1.97 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 137 │ 'sqlite-parser' │ 0 │ 6.92 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 138 │ 'storybook' │ 0.54 │ 0 │ 34 │ 1 │ 2 │ 31 │ '8.1.1' │
│ 139 │ 'trace-unhandled' │ 0 │ 3.2 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 140 │ 'ts-loader' │ 3.65 │ 0.5 │ 54 │ 3 │ 9 │ 42 │ '9.5.1' │
│ 141 │ 'ts-node' │ 1.76 │ 0.44 │ 6 │ 0 │ 2 │ 4 │ '10.9.2' │
│ 142 │ 'tslint-react' │ 1.95 │ 4.07 │ 4 │ 2 │ 2 │ 0 │ '5.0.0' │
│ 143 │ 'tslint' │ 2.24 │ 3.79 │ 18 │ 1 │ 11 │ 6 │ '6.1.3' │
│ 144 │ 'typescript' │ 2.11 │ 0 │ 24 │ 1 │ 7 │ 16 │ '5.4.5' │
│ 145 │ 'use-debounce' │ 0.58 │ 0.53 │ 1 │ 1 │ 0 │ 0 │ '10.0.0' │
│ 146 │ 'uuid' │ 2.76 │ 0.68 │ 2 │ 1 │ 0 │ 1 │ '9.0.1' │
│ 147 │ 'validator' │ 0.76 │ 0.02 │ 1 │ 0 │ 1 │ 0 │ '13.12.0' │
│ 148 │ 'webpack-cli' │ 0.5 │ 0.94 │ 6 │ 0 │ 1 │ 5 │ '5.1.4' │
│ 149 │ 'webpack-notifier' │ 1.03 │ 2.41 │ 4 │ 0 │ 3 │ 1 │ '1.15.0' │
│ 150 │ 'webpack' │ 0.96 │ 0.16 │ 22 │ 0 │ 13 │ 9 │ '5.91.0' │
│ 151 │ 'when' │ 0 │ 7.24 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
└─────────┴───────────────────────────────────────────────────────┴───────┴───────┴──────────┴───────┴───────┴───────┴────────────────┘
# Collective
drift: package is 247.03 libyears behind.
pulse: dependencies are 201.67 libyears behind.
releases: dependencies are 3138 releases behind.
major: dependencies are 128 releases behind.
minor: dependencies are 755 releases behind.
patch: dependencies are 2255 releases behind.
fleetd-chrome report
┌─────────┬──────────────────────────┬───────┬───────┬──────────┬───────┬───────┬───────┬──────────────────┐
│ (index) │ dependency │ drift │ pulse │ releases │ major │ minor │ patch │ available │
├─────────┼──────────────────────────┼───────┼───────┼──────────┼───────┼───────┼───────┼──────────────────┤
│ 0 │ '@jest/globals' │ 0.52 │ 0.01 │ 6 │ 0 │ 2 │ 4 │ '29.7.0' │
│ 1 │ '@types/chrome' │ 1.16 │ 0.02 │ 44 │ 0 │ 0 │ 44 │ '0.0.268' │
│ 2 │ '@types/jest' │ 0.16 │ 0.29 │ 1 │ 0 │ 0 │ 1 │ '29.5.12' │
│ 3 │ 'async-mutex' │ 0 │ 0.18 │ 0 │ 0 │ 0 │ 0 │ 'N/A' │
│ 4 │ 'copy-webpack-plugin' │ 1.67 │ 0.33 │ 3 │ 1 │ 0 │ 2 │ '12.0.2' │
│ 5 │ 'css-loader' │ 1.32 │ 0.1 │ 10 │ 1 │ 5 │ 4 │ '7.1.1' │
│ 6 │ 'dotenv' │ 1.39 │ 0.24 │ 15 │ 0 │ 4 │ 11 │ '16.4.5' │
│ 7 │ 'html-webpack-plugin' │ 2.15 │ 0.41 │ 5 │ 0 │ 1 │ 4 │ '5.6.0' │
│ 8 │ 'jest-environment-jsdom' │ 0 │ 0.01 │ 0 │ 0 │ 0 │ 0 │ '30.0.0-alpha.4' │
│ 9 │ 'jest' │ 0.52 │ 0.01 │ 6 │ 0 │ 2 │ 4 │ '29.7.0' │
│ 10 │ 'msw' │ 1.2 │ 0.02 │ 50 │ 1 │ 5 │ 44 │ '2.3.0' │
│ 11 │ 'node-sass' │ 0.52 │ 0.99 │ 1 │ 1 │ 0 │ 0 │ '9.0.0' │
│ 12 │ 'sass-loader' │ 1.43 │ 0.08 │ 11 │ 1 │ 3 │ 7 │ '14.2.1' │
│ 13 │ 'style-loader' │ 2.46 │ 0.1 │ 4 │ 1 │ 0 │ 3 │ '4.0.0' │
│ 14 │ 'ts-jest' │ 1.02 │ 0.32 │ 3 │ 0 │ 1 │ 2 │ '29.1.2' │
│ 15 │ 'ts-loader' │ 0.96 │ 0.5 │ 4 │ 0 │ 1 │ 3 │ '9.5.1' │
│ 16 │ 'ts-node' │ 0 │ 0.44 │ 0 │ 0 │ 0 │ 0 │ '11.0.0-beta.1' │
│ 17 │ 'typescript' │ 1.19 │ 0 │ 13 │ 1 │ 4 │ 8 │ '5.4.5' │
│ 18 │ 'wa-sqlite' │ NaN │ 0.36 │ 1 │ 1 │ 0 │ 0 │ '1.0.0' │
│ 19 │ 'webpack-cli' │ 0.5 │ 0.94 │ 6 │ 0 │ 1 │ 5 │ '5.1.4' │
│ 20 │ 'webpack-merge' │ 2.35 │ 0.59 │ 2 │ 0 │ 2 │ 0 │ '5.10.0' │
│ 21 │ 'webpack' │ 1.03 │ 0.16 │ 26 │ 0 │ 15 │ 11 │ '5.91.0' │
└─────────┴──────────────────────────┴───────┴───────┴──────────┴───────┴───────┴───────┴──────────────────┘
# Collective
drift: package is 21.55 libyears behind.
pulse: dependencies are 6.11 libyears behind.
releases: dependencies are 211 releases behind.
major: dependencies are 8 releases behind.
minor: dependencies are 46 releases behind.
patch: dependencies are 157 releases behind.
Backend report:
package version date latest latest_date libyear
github.com/fleetdm/fleet/v4 2024-05-17 132.87
cloud.google.com/go/pubsub 1.33.0 2023-07-24 1.38.0 2024-05-06 0.79
fyne.io/systray 1.10.1-0.20240111184411-11c585fff98d 2022-06-08 1.10.1-0.20240111184411-11c585fff98d 2022-06-08 0.00
github.com/AbGuthrie/goquery/v2 2.0.1 2020-01-19 2.0.4 2020-05-27 0.35
github.com/DATA-DOG/go-sqlmock 1.5.0 2020-06-28 1.5.2 2024-01-06 3.53
github.com/Masterminds/semver 1.5.0 2019-09-11 1.5.0 2019-09-11 0.00
github.com/RobotsAndPencils/buford 0.14.0 2019-10-11 0.14.0 2019-10-11 0.00
github.com/VividCortex/mysqlerr 0.0.0-20170204212430-6c6b55f8796f 2017-02-04 1.0.0 2021-04-26 4.22
github.com/WatchBeam/clock 0.0.0-20170901150240-b08e6b4da7ea 2017-09-01 0.0.0-20220922162503-4933054921a2 2022-09-22 5.06
github.com/XSAM/otelsql 0.10.0 2021-12-13 0.31.0 2024-05-02 2.39
github.com/andygrunwald/go-jira 1.16.0 2022-07-08 1.16.0 2022-07-08 0.00
github.com/antchfx/xmlquery 1.3.14 2023-01-12 1.4.0 2024-04-06 1.23
github.com/aws/aws-sdk-go 1.44.288 2023-06-22 1.53.4 2024-05-16 0.90
github.com/beevik/etree 1.1.0 2019-02-02 1.4.0 2024-05-13 5.28
github.com/beevik/ntp 0.3.0 2020-03-19 1.4.1 2024-05-03 4.12
github.com/briandowns/spinner 1.13.0 2021-05-26 1.23.0 2023-03-06 1.78
github.com/cenkalti/backoff 2.2.1+incompatible 2019-07-17 2.2.1+incompatible 2019-07-17 0.00
github.com/cenkalti/backoff/v4 4.2.1 2023-02-28 4.3.0 2024-01-02 0.84
github.com/clbanning/mxj 1.8.4 2019-01-21 1.8.4 2019-01-21 0.00
github.com/danieljoos/wincred 1.2.1 2023-12-15 1.2.1 2023-12-15 0.00
github.com/davecgh/go-spew 1.1.1 2018-02-21 1.1.1 2018-02-21 0.00
github.com/dgraph-io/badger/v2 2.2007.2 2020-08-27 2.2007.4 2021-08-25 0.99
github.com/digitalocean/go-smbios 0.0.0-20180907143718-390a4f403a8e 2018-09-07 0.0.0-20180907143718-390a4f403a8e 2018-09-07 0.00
github.com/docker/docker 24.0.9+incompatible 2024-02-01 26.1.3+incompatible 2024-05-15 0.29
github.com/docker/go-units 0.4.0 2019-04-23 0.5.0 2022-05-17 3.07
github.com/doug-martin/goqu/v9 9.18.0 2021-10-16 9.19.0 2023-11-21 2.10
github.com/e-dard/netbug 0.0.0-20151029172837-e64d308a0b20 2015-10-29 0.0.0-20151029172837-e64d308a0b20 2015-10-29 0.00
github.com/elazarl/go-bindata-assetfs 1.0.1 2020-05-09 1.0.1 2020-05-09 0.00
github.com/facebookincubator/flog 0.0.0-20190930132826-d2511d0ce33c 2019-09-30 0.0.0-20190930132826-d2511d0ce33c 2019-09-30 0.00
github.com/fatih/color 1.15.0 2023-03-12 1.17.0 2024-04-08 1.08
github.com/getsentry/sentry-go 0.18.0 2023-02-07 0.27.0 2024-02-07 1.00
github.com/ghodss/yaml 1.0.0 2017-03-27 1.0.0 2017-03-27 0.00
github.com/github/smimesign 0.2.0 2021-10-04 0.2.0 2021-10-04 0.00
github.com/go-git/go-git/v5 5.11.0 2023-12-08 5.12.0 2024-03-19 0.28
github.com/go-ini/ini 1.67.0 2022-08-08 1.67.0 2022-08-08 0.00
github.com/go-kit/kit 0.12.0 2021-09-18 0.13.0 2023-05-29 1.69
github.com/go-kit/log 0.2.1 2022-04-27 0.2.1 2022-04-27 0.00
github.com/go-ole/go-ole 1.2.6 2021-09-15 1.3.0 2023-08-04 1.89
github.com/go-sql-driver/mysql 1.7.1 2023-04-25 1.8.1 2024-03-26 0.92
github.com/gocarina/gocsv 0.0.0-20220310154401-d4df709ca055 2022-03-10 0.0.0-20231116093920-b87c2d0e983a 2023-11-16 1.69
github.com/golang-jwt/jwt/v4 4.4.2 2022-06-04 4.5.0 2022-12-09 0.52
github.com/gomodule/oauth1 0.2.0 2021-11-19 0.2.0 2021-11-19 0.00
github.com/gomodule/redigo 1.8.9 2022-07-06 1.9.2 2024-02-25 1.64
github.com/google/go-cmp 0.6.0 2023-08-31 0.6.0 2023-08-31 0.00
github.com/google/go-github/v37 37.0.0 2021-07-09 37.0.0 2021-07-09 0.00
github.com/google/uuid 1.3.0 2021-07-12 1.6.0 2024-01-23 2.53
github.com/goreleaser/goreleaser 1.1.0 2021-11-28 1.26.1 2024-05-15 2.46
github.com/goreleaser/nfpm/v2 2.10.0 2021-11-23 2.37.1 2024-05-09 2.46
github.com/gorilla/mux 1.8.0 2020-07-11 1.8.1 2023-10-18 3.27
github.com/gorilla/websocket 1.4.2 2020-03-19 1.5.1 2023-10-18 3.58
github.com/gosuri/uilive 0.0.4 2020-01-03 0.0.4 2020-01-03 0.00
github.com/groob/finalizer 0.0.0-20170707115354-4c2ed49aabda 2017-07-07 0.0.0-20210806035223-91592c9e1e0b 2021-08-06 4.08
github.com/groob/plist 0.0.0-20220217120414-63fa881b19a5 2022-02-17 0.0.0-20220217120414-63fa881b19a5 2022-02-17 0.00
github.com/hashicorp/go-multierror 1.1.1 2021-03-11 1.1.1 2021-03-11 0.00
github.com/hectane/go-acl 0.0.0-20190604041725-da78bae5fc95 2019-06-04 0.0.0-20230122075934-ca0b05cb1adb 2023-01-22 3.64
github.com/hillu/go-ntdll 0.0.0-20220801201350-0d23f057ef1f 2022-08-01 0.0.0-20240418173803-69345773b582 2024-04-18 1.71
github.com/igm/sockjs-go/v3 3.0.2 2021-11-11 3.0.3 2023-11-08 1.99
github.com/jmoiron/sqlx 1.3.5 2022-04-16 1.4.0 2024-04-15 2.00
github.com/josephspurrier/goversioninfo 1.4.0 2022-01-06 1.4.0 2022-01-06 0.00
github.com/kevinburke/go-bindata 3.24.0+incompatible 2023-03-24 3.24.0+incompatible 2023-03-24 0.00
github.com/kolide/launcher 1.0.12 2023-06-23 1.6.6 2024-05-16 0.90
github.com/lib/pq 1.10.9 2023-04-26 1.10.9 2023-04-26 0.00
github.com/macadmins/osquery-extension 1.0.1 2024-05-07 1.0.1 2024-05-07 0.00
github.com/mattermost/xml-roundtrip-validator 0.0.0-20201213122252-bcd7e1b9601e 2020-12-13 0.1.0 2020-12-19 0.02
github.com/mattn/go-sqlite3 1.14.22 2024-02-02 1.14.22 2024-02-02 0.00
github.com/micromdm/micromdm 1.9.0 2022-01-29 1.12.1 2024-03-15 2.12
github.com/mitchellh/go-ps 1.0.0 2020-02-03 1.0.0 2020-02-03 0.00
github.com/mitchellh/gon 0.2.6-0.20231031204852-2d4f161ccecd 2022-03-30 0.2.6-0.20231031204852-2d4f161ccecd 2022-03-30 0.00
github.com/mna/redisc 1.3.2 2021-09-05 1.4.0 2023-10-20 2.12
github.com/nfnt/resize 0.0.0-20180221191011-83c6a9932646 2018-02-21 0.0.0-20180221191011-83c6a9932646 2018-02-21 0.00
github.com/ngrok/sqlmw 0.0.0-20211220175533-9d16fdc47b31 2021-12-20 0.0.0-20220520173518-97c9c04efc79 2022-05-20 0.41
github.com/nukosuke/go-zendesk 0.13.1 2022-08-13 0.18.0 2024-02-06 1.48
github.com/oklog/run 1.1.0 2020-01-08 1.1.0 2020-01-08 0.00
github.com/olekukonko/tablewriter 0.0.5 2021-02-10 0.0.5 2021-02-10 0.00
github.com/open-policy-agent/opa 0.44.0 2022-09-07 0.64.1 2024-04-26 1.64
github.com/oschwald/geoip2-golang 1.8.0 2022-08-07 1.9.0 2023-06-18 0.86
github.com/osquery/osquery-go 0.0.0-20231130195733-61ac79279aaa 2023-11-30 0.0.0-20231130195733-61ac79279aaa 2023-11-30 0.00
github.com/pandatix/nvdapi 0.6.4 2023-10-16 0.6.5 2023-11-20 0.10
github.com/patrickmn/go-cache 2.1.0+incompatible 2017-07-22 2.1.0+incompatible 2017-07-22 0.00
github.com/pkg/errors 0.9.1 2020-01-14 0.9.1 2020-01-14 0.00
github.com/pmezard/go-difflib 1.0.0 2016-01-10 1.0.0 2016-01-10 0.00
github.com/prometheus/client_golang 1.19.0 2024-02-27 1.19.1 2024-05-09 0.20
github.com/quasilyte/go-ruleguard/dsl 0.3.22 2022-12-28 0.3.22 2022-12-28 0.00
github.com/rs/zerolog 1.20.0 2020-08-06 1.32.0 2024-02-01 3.49
github.com/russellhaering/goxmldsig 1.2.0 2022-03-02 1.4.0 2023-04-20 1.13
github.com/scjalliance/comshim 0.0.0-20230315213746-5e51f40bd3b9 2023-03-15 0.0.0-20231116235529-bbacf79a4691 2023-11-16 0.67
github.com/sethvargo/go-password 0.2.0 2020-07-05 0.3.0 2024-04-18 3.79
github.com/shirou/gopsutil/v3 3.23.3 2023-03-31 3.24.4 2024-04-30 1.08
github.com/skratchdot/open-golang 0.0.0-20200116055534-eef842397966 2020-01-16 0.0.0-20200116055534-eef842397966 2020-01-16 0.00
github.com/spf13/cast 1.4.1 2021-08-15 1.6.0 2023-11-28 2.29
github.com/spf13/cobra 1.5.0 2022-06-21 1.8.0 2023-11-02 1.37
github.com/spf13/viper 1.10.0 2021-12-12 1.18.2 2023-12-18 2.02
github.com/stretchr/testify 1.9.0 2024-02-29 1.9.0 2024-02-29 0.00
github.com/theupdateframework/go-tuf 0.5.2 2023-01-24 0.7.0 2023-11-28 0.84
github.com/throttled/throttled/v2 2.8.0 2021-06-12 2.12.0 2023-06-29 2.05
github.com/tj/assert 0.0.3 2020-06-08 0.0.3 2020-06-08 0.00
github.com/ulikunitz/xz 0.5.10 2021-02-02 0.5.12 2024-04-03 3.17
github.com/urfave/cli/v2 2.23.5 2022-11-09 2.27.2 2024-04-27 1.47
github.com/ziutek/mymysql 1.5.4 2015-01-09 1.5.4 2015-01-09 0.00
go.elastic.co/apm/module/apmgorilla/v2 2.3.0 2023-03-31 2.6.0 2024-04-11 1.03
go.elastic.co/apm/module/apmsql/v2 2.4.3 2023-06-22 2.6.0 2024-04-11 0.81
go.elastic.co/apm/v2 2.4.3 2023-06-22 2.6.0 2024-04-11 0.81
go.etcd.io/bbolt 1.3.6 2021-05-23 1.3.10 2024-05-03 2.95
go.mozilla.org/pkcs7 0.0.0-20210826202110-33d05740a352 2021-08-26 0.0.0-20210826202110-33d05740a352 2021-08-26 0.00
go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux 0.44.0 2023-09-12 0.51.0 2024-04-24 0.62
go.opentelemetry.io/otel 1.19.0 2023-09-28 1.26.0 2024-04-24 0.57
go.opentelemetry.io/otel/exporters/otlp/otlptrace 1.19.0 2023-09-28 1.26.0 2024-04-24 0.57
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 1.19.0 2023-09-28 1.26.0 2024-04-24 0.57
go.opentelemetry.io/otel/sdk 1.19.0 2023-09-28 1.26.0 2024-04-24 0.57
golang.org/x/crypto 0.22.0 2024-04-04 0.23.0 2024-05-06 0.09
golang.org/x/exp 0.0.0-20230105202349-8879d0199aa3 2023-01-05 0.0.0-20240506185415-9bf2ced13842 2024-05-06 1.33
golang.org/x/image 0.10.0 2023-08-01 0.16.0 2024-05-05 0.76
golang.org/x/mod 0.12.0 2023-06-21 0.17.0 2024-03-15 0.73
golang.org/x/net 0.24.0 2024-04-04 0.25.0 2024-05-06 0.09
golang.org/x/oauth2 0.16.0 2024-01-08 0.20.0 2024-04-22 0.29
golang.org/x/sync 0.3.0 2023-06-01 0.7.0 2024-03-04 0.76
golang.org/x/sys 0.19.0 2024-04-04 0.20.0 2024-05-03 0.08
golang.org/x/text 0.14.0 2023-10-11 0.15.0 2024-04-15 0.51
golang.org/x/tools 0.13.0 2023-09-05 0.21.0 2024-05-06 0.67
google.golang.org/api 0.128.0 2023-06-15 0.181.0 2024-05-16 0.92
google.golang.org/grpc 1.58.3 2023-10-10 1.64.0 2024-05-14 0.59
gopkg.in/guregu/null.v3 3.5.0 2020-04-25 3.5.0 2020-04-25 0.00
gopkg.in/ini.v1 1.67.0 2022-08-08 1.67.0 2022-08-08 0.00
gopkg.in/natefinch/lumberjack.v2 2.0.0 2018-08-17 2.2.1 2023-02-06 4.48
gopkg.in/yaml.v2 2.4.0 2020-11-17 2.4.0 2020-11-17 0.00
howett.net/plist 1.0.0 2021-11-27 1.0.1 2023-10-24 1.91
software.sslmate.com/src/go-pkcs12 0.0.0-20210415151418-c5206de65a78 2021-04-15 0.4.0 2023-11-05 2.56
We should schedule a task to update our code library dependencies regularly (once a quarter?) for:
Why?
As part of this process, we should also look for library dependencies to eliminate to reduce the surface area for vulnerabilities/bugs/maintenance.
nock library dependency. It was a priority issue to fix this for compliance. However, on further inspection it turned out we weren't even using the nock library, and it could be removed.