privacy-tech-lab / privacy-pioneer

Privacy browser extension for analyzing web traffic of visited websites
https://www.privacytechlab.org/

Update package.json to solve Dependabot alert #579

Closed atlasharry closed 1 week ago

atlasharry commented 2 weeks ago

This issue is for Dependabot alert 70.

atlasharry commented 2 weeks ago

I have changed the ws into ^8.17.1 and web-ext into ^8.2.0 in both package.lock.json and package.json. However, one thing I noticed is that when I build the app according to package.json via npm install or npm install --production=false, I would end up creating a totally different package.lock file which has much more than changing only "ws" and "web-ext". (This may be because the current package.lock on our GitHub is outdated?)

In this branch, I only keep the changes of the ws and web-ext versions in the package.lock.json, since by updating package.json, the user can build their own app and update the dependencies in package.lock.json accordingly.

I have tested the new dependency versions and the app works perfectly fine on my end.
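
The lockfile drift described in the comment above can be measured before committing by comparing the committed lockfile with the regenerated one. This is an added example, not part of the thread or the project's code; the function names and both sample lockfiles (including the old version numbers and the `example-dep` and `@example/new-dep` entries) are constructed, and it assumes npm lockfileVersion 2 or 3.

```javascript
// Added example, not project code. Works on npm lockfileVersion 2 or 3,
// where every installed package is a key in the top-level "packages" map.
function lockVersions(lock) {
  const versions = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project, not a dependency
    versions.set(path, meta.version);
  }
  return versions;
}

// List every install path whose version differs between two lockfiles and
// mark whether the package is one of the intentionally bumped ones.
function diffLocks(oldLock, newLock, intended) {
  const before = lockVersions(oldLock);
  const after = lockVersions(newLock);
  const marker = "node_modules/";
  const changes = [];
  for (const path of new Set([...before.keys(), ...after.keys()])) {
    const from = before.get(path) ?? null; // null: not installed before
    const to = after.get(path) ?? null;    // null: removed
    if (from === to) continue;
    // Package name is whatever follows the last node_modules/ segment,
    // which also handles nested copies and @scope/name packages.
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    changes.push({ path, name, from, to, expected: intended.includes(name) });
  }
  return changes.sort((a, b) => (a.path < b.path ? -1 : 1));
}

// Constructed sample lockfiles (old versions and extra packages are made up).
const committedLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-extension", version: "1.0.0" },
  "node_modules/ws": { version: "8.13.0" },
  "node_modules/web-ext": { version: "7.6.2" },
  "node_modules/web-ext/node_modules/ws": { version: "8.13.0" },
  "node_modules/example-dep": { version: "1.2.0" },
} };
const regeneratedLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-extension", version: "1.0.0" },
  "node_modules/ws": { version: "8.17.1" },
  "node_modules/web-ext": { version: "8.2.0" },
  "node_modules/example-dep": { version: "1.3.0" },
  "node_modules/@example/new-dep": { version: "1.0.0" },
} };

for (const c of diffLocks(committedLock, regeneratedLock, ["ws", "web-ext"])) {
  console.log(`${c.expected ? "intended " : "UNPLANNED"} ${c.path}: ${c.from} -> ${c.to}`);
}
```

Entries marked UNPLANNED are the ones a reviewer would otherwise have to find by reading the full lockfile diff.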

SebastianZimmeck commented 2 weeks ago

Excellent, @atlasharry!

@atlasharry, can you open a PR and add @dadak-dom as reviewer?

(cc'ing @Mattm27)

SebastianZimmeck commented 2 weeks ago

Corresponding OptMeowt issue for reference.

SebastianZimmeck commented 2 weeks ago

As discussed, if useful, @atlasharry will also add a comment in the readme for developers on how to fix these types of dependency issues, as we will likely continue to see them since we have a good number of dependencies.

SebastianZimmeck commented 1 week ago

Thanks, @atlasharry! And once the fix is in, we can close the alert manually.