Closed MelissaDTH closed 1 week ago
Visit the preview URL for this PR (updated for commit b2dde68):
https://ottwebapp--pr560-chore-maintenance-20-bxuibuga.web.app
(expires Sat, 20 Jul 2024 08:37:55 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
Sign: c198f8a3a199ba8747819f7f1e45cf602b777529
Maybe we can `syncyarnlock` so that `package.json` aligns with the upgrade. @MelissaDTH
If we want to be even more safe, we could add resolutions for the leftover risks:

```json
"resolutions": {
  "axios": "^0.28.0",
  "ws": "^8.17.1"
}
```
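A check that could be run after adding those resolutions (an added example, not part of the PR or the project's code): it reads a classic yarn v1 lockfile and reports every `axios` or `ws` entry whose locked version falls outside the caret range given in the comment above. The function names and the lockfile text are constructed for illustration, and only caret ranges are handled.

```javascript
// Added example; helper names and the lockfile text are constructed, not from the PR.
const RESOLUTIONS = { axios: '^0.28.0', ws: '^8.17.1' }; // ranges from the comment above
const SAMPLE_LOCK = `# yarn lockfile v1

axios@^0.21.1:
  version "0.21.4"

"ws@^8.17.1", ws@^8.2.3:
  version "8.17.1"

ws@^7.4.6:
  version "7.5.9"
`;
// "8.17.1" -> [8, 17, 1]; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const p = v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  return [p[0] || 0, p[1] || 0, p[2] || 0];
}
// Caret range: parts up to the first non-zero part of the floor must match; later parts must be >= the floor.
function satisfiesCaret(version, range) {
  const v = parseVersion(version);
  const floor = parseVersion(range.replace(/^\^/, ''));
  let pivot = floor.findIndex((n) => n !== 0);
  if (pivot === -1) pivot = 2;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return i > pivot && v[i] > floor[i];
  }
  return true;
}
// Return { name, version } for every package name listed in each lockfile entry header.
function lockedVersions(lockText) {
  const entries = [];
  let names = [];
  for (const line of lockText.split(/\r?\n/)) {
    const m = /^ {2}version "?([^"\s]+)"?$/.exec(line);
    if (m) names.forEach((name) => entries.push({ name, version: m[1] }));
    else if (/^[^\s#].*:$/.test(line)) {
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      names = [...new Set(specs.map((s) => s.slice(0, s.lastIndexOf('@'))))];
    }
  }
  return entries;
}
// Entries for a pinned package whose locked version is outside the pinned range.
function findViolations(lockText, resolutions) {
  return lockedVersions(lockText).filter(({ name, version }) =>
    Object.keys(resolutions).includes(name) && !satisfiesCaret(version, resolutions[name]));
}
console.log(findViolations(SAMPLE_LOCK, RESOLUTIONS));
```

An empty result means every locked copy of the pinned packages is inside its range; any entry listed still resolves to a version the resolution was meant to exclude.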
Maintenance 2024 Q2
At Videodock, we conduct quarterly maintenance to address any security risks and proactively upgrade the dependencies. This PR accomplishes that, with notable details outlined below.
Prepare
`main`, run `yarn`
Update dependencies
`yarn upgrade` and test dev server
`$ npx syncyarnlock -skgl` to sync the `yarn.lock` file to the `package.json`
Clean up
After merge
Notable updates
1. `@types/reflect-metadata` is removed
`reflect-metadata` provides its own type definitions, so we don't need to install `@types/reflect-metadata` anymore.
2. `ignoreDependencies` is removed in `knip.config.ts`
After this update, the `knip` package now sees that `eslint-config-jwp` exists, so there's no need to add this to `ignoreDependencies` anymore.
3. Security Issues Summary
Currently, these 4 issues originate from the `@inplayer-org/inplayer.js` package, which cannot be updated because we are already on the latest version, see an overview here:
Steps completed:
According to our definition of done, I have completed the following steps: