ooni / orchestra

The OONI Probe Orchestration System
BSD 3-Clause "New" or "Revised" License

Upgrade dependencies to address security alerts #85

Open sarathms opened 4 years ago

sarathms commented 4 years ago

GitHub reports vulnerabilities in dependent packages. https://github.com/ooni/orchestra/network/alerts

Dependabot has opened #76 to upgrade next to 4.x.x, maybe it can be upgraded to more recent versions closer to the latest 9.x.x

Other indirect dependencies can be fixed by pinning versions under resolutions in package.json.
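Pinning a transitive dependency under `resolutions` only helps if the pin is applied to every installed copy, including copies nested under other packages. The script below is an added example, not code from the ooni/orchestra repository, showing how to check that. It assumes a flat list of installed copies in the shape `{path, name, version}` (the kind of data you get by walking `node_modules` or parsing `npm ls --all --json`); the package names, versions and `package.json` fragment are constructed for illustration and do not describe this project's actual dependency tree.

```javascript
// Added example (not ooni/orchestra code): verify that the exact versions
// pinned under "resolutions" in package.json were applied to every installed
// copy of a package, nested copies included.

// Normalise a yarn-style resolutions key. "lodash", "**/lodash" and
// "next/**/lodash" all name the package in their last path segment; scoped
// packages keep their "@scope/name" pair. (Pattern handling is an assumption
// made for this example, not a full implementation of yarn's matching.)
function resolutionName(key) {
  const parts = key.split('/');
  if (parts.length >= 2 && parts[parts.length - 2].startsWith('@')) {
    return parts.slice(-2).join('/');
  }
  return parts[parts.length - 1];
}

// Return every installed copy whose version differs from the pinned one.
function checkResolutions(packageJson, installed) {
  const pins = {};
  for (const [key, version] of Object.entries(packageJson.resolutions || {})) {
    pins[resolutionName(key)] = version;
  }
  const violations = [];
  for (const copy of installed) {
    const pinned = pins[copy.name];
    if (pinned !== undefined && pinned !== copy.version) {
      violations.push({
        path: copy.path,
        name: copy.name,
        expected: pinned,
        found: copy.version,
      });
    }
  }
  return violations;
}

// Constructed package.json fragment; names and versions are hypothetical.
const packageJson = {
  name: 'orchestra-frontend-example',
  dependencies: { next: '^4.0.0' },
  resolutions: { '**/lodash': '4.17.21', minimist: '1.2.6' },
};

// Constructed installed tree: the nested copy of lodash was not updated.
const installed = [
  { path: 'node_modules/lodash', name: 'lodash', version: '4.17.21' },
  { path: 'node_modules/next/node_modules/lodash', name: 'lodash', version: '4.17.11' },
  { path: 'node_modules/minimist', name: 'minimist', version: '1.2.6' },
  { path: 'node_modules/next', name: 'next', version: '4.2.3' },
];

const violations = checkResolutions(packageJson, installed);
for (const v of violations) {
  console.log(`${v.path}: ${v.name}@${v.found} does not match pinned ${v.expected}`);
}
```

Run it after `yarn install` against data taken from the real `node_modules` tree; a non-empty result means the security alert is still open for that nested copy even though `package.json` looks fixed.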

sarathms commented 4 years ago

This will take longer than expected. Some dependencies are not trivial to upgrade to the latest version. It might be possible to upgrade to some intermediate version with minimal code changes, but finding such versions will take the same time as making the changes to work with all the latest versions.