seas-computing / react-boilerplate

Starting point for react-based projects at SEAS computing

0 stars 1 forks source link

Fargate refactor #13

Closed jonseitz closed 5 years ago

jonseitz commented 5 years ago

During my work on Fargate I found a few issues in how our existing containerization process was packaging dependencies for the server code. The changes in the webpackfile.js and in the Dockerfile directly address those problems. I also cleaned up our list of dependencies so that we can cleanly install just the production deps in the container. I also added a script that allows Travis to deploy that final built image to docker hub.

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[x] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

[x] I have run eslint on the code
[ ] I have added JSDoc for all of my code (where applicable)
[ ] I have added tests to cover my changes.

Priority:

[x] Normal
[ ] High

Related Issues:

Fixes #___

codecov[bot] commented 5 years ago

Codecov Report

Merging #13 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #13   +/-   ##
=======================================
  Coverage   95.74%   95.74%           
=======================================
  Files          14       14           
  Lines          94       94           
  Branches        8        8           
=======================================
  Hits           90       90           
  Misses          3        3           
  Partials        1        1

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 546058a...769ba8f. Read the comment docs.

jonseitz commented 5 years ago

Bumped versions in 769ba8f.

I tried to unwind that vulnerability a bit -- it looks like the latest stable version of typedoc has an old version of marked pinned that's causing the problem. I tried installing a pre-release of the next version of typedoc (0.15.0) where that dependency on marked is fixed, but that version introduced a critical security vulnerability. :angry:

Given that typedoc is only a dev dependency and won't be packaged with production code, I'm OK leaving this one moderate vulnerability in place until it gets sorted out on their end.