search

rebornix / vscode-webview-react

Create React App starter in VSCode Webview.
MIT License
241 stars 53 forks source link

Upgrade dependencies to fix vulnerabilities #1

Closed carlosms closed 5 years ago

carlosms commented 5 years ago

If you try to build and submit a new extension to the marketplace it will be rejected with the message "Extension failed Virus check. Please submit a valid extension.".

With the current code yarn audit returns:

27 vulnerabilities found - Packages audited: 31684
Severity: 8 Low | 18 High | 1 Critical

yarn upgrade is not so straightforward because react-scripts-ts was discontinued and the latest version still leaves vulnerabilities.

I followed this guide to migrate from react-scripts-ts to react-scripts.

The new versions changed the way the build assets are createed, splitting them in a way that makes it hard to rebuild in _getHtmlForWebview. I followed this workaround to disable the code splitting, fixing the <script /> link.

adamwatters commented 5 years ago

any reason this hasn't been merged?

rebornix commented 5 years ago

the only reason is I didn't see this notification in my inbox. Thanks all for the contribution!