Open dsriseah opened 4 months ago
Raw notes on package updates from @Sakelun posted to Slack on May 21. This is the basis for the work in PR #9 Core Platform Update for Node v18.
adm-zip: Minor update (v0.4.14 to v0.5.10)
Not updated
ajv: Major update (v6.10.2 to v8.12.0)
Not updated
cookie-parser: Patch update (v1.4.4 to v1.4.6)
Rationale: Dependency updates
Changelog: https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md
debounce: Major update (v1.2.0 to v2.0.0)
Not updated
Adds requirement: Node v18
Updates some devDependencies for testing (Does not need to be updated)
ejs: Major update (v2.7.1 to v3.1.9)
Rationale: npm audit vulnerability (critical) / ejs template injection vulnerability https://github.com/advisories/GHSA-phwq-j96m-2c2q
Notes: changelogs apparently stop being a thing after 2.7.4? Was able to dig up a CHANGELOG file that provided notes for v3.0.1 which has since been removed
v3.0.1
Removed require.extensions (@mde)
Removed legacy preprocessor include (@mde)
Removed support for EOL Nodes 4 and 6 (@mde)
express: Minor update (v4.17.1 to v4.18.2)
Rationale: Required for Node v18 support
Changelog: https://expressjs.com/en/changelog/4x.html
Relevant changes
v4.17.2
fs-extra: Major update (v8.1.0 to v11.2.0)
Not updated
Changelog: https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md
Few possible breaking changes, but fundamentally doesn't need to be updated.
hashids: Major update (v1.2.2 to v2.3.0)
Rationale: Required to avoid an invalid state loop that occurs in SystemShell.jsx
Changelog: https://github.com/niieani/hashids.js/blob/master/CHANGELOG.md
Major changes; rewritten in TypeScript
Breaking changes:
ip: Major update (v1.1.5 to ~v2.0.1~ v1.1.9)
Rationale: Node v18 support added in v1.1.6+; CVEs "fixed" in v1.1.9+ or 2.0.1+
Changelog: None provided; inferred from commit history
Active CVEs on this project and seems unmaintained: https://github.com/indutny/node-ip/issues/150
lokijs: Patch update (v1.5.7 to v1.5.12)
Not updated
Changelog: None maintained beyond 1.5.7
multer: Patch update (v1.4.2 to v1.4.5-lts.1)
Rationale: Resolves DoS vulnerability and 1.4.2 is deprecated (https://github.com/expressjs/multer/issues/1254)
Changelog: None maintained beyond 1.4.2
Of consequence, this issue casts doubt on the level of Node support provided by moving to the 2.x series. The 1.4.5-lts.1 version does not refer to fs-temp as noted in the issue.
stacktrace-js: Patch update (v2.0.1 to v2.0.2)
Rationale: Contains vulnerability fixes
Changelogs:
https://github.com/stacktracejs/stacktrace.js/blob/master/CHANGELOG.md (not maintained beyond 2.0.0)
https://github.com/stacktracejs/stacktrace.js/releases/tag/v2.0.2
Dependency update (to address a vulnerability in acorn@7.0.0) and sourcemap fix
superagent: Major update (v5.1.0 to ~v8.1.2~ v8.0.9)
Rationale: Deprecated, authors indicate v7.1.5 or v8.0.0+ be used instead. v8.0.3 first mention of Node v18 support
Changelog: https://github.com/ladjs/superagent/releases
v5.x to v6.x:
application/x-www-form-urlencoded, using arrayFormat: 'indices' semantics of qs library. (See: https://www.npmjs.com/package/qs#stringifying)
v7.0 to v8.0:
tracer: Major update (v0.9.9 to v1.3.0)
Rationale: Several security fixes contained within update path; only package updates otherwise
Changelog: https://github.com/baryon/tracer?tab=readme-ov-file#history
uuid: Major update (v3.3.3 to v9.0.1)
Not updated
Changelog: https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md
Significant Changes
v7.0.0:
ws: Major update (v7.1.2 to ~v8.16.0~ v7.5.9)
Rationale: NodeJS compatibility, important backports
Changelog: https://github.com/websockets/ws/releases
Significant Changes
v7.2.5: Fix compatibility with NodeJS:master
v7.4.0: Provides access to HTTP GET request during socket 'connection' event; used in NetCreate-Auth/Access-Lite to propagate JWT user information between Express+WSS events
v7.4.6: Regex DoS vulnerability fix
v7.5.x: Backports (last on July 15th 2022)
copy-webpack-plugin: (v4.5.4 to v12.0.2)
html-webpack-plugin: (v3.2.0 to v5.6.0)
mini-css-extract-plugin: Major update (v0.4.3 to v2.8.0)
optimize-css-assets-webpack-plugin: Removed
uglifyjs-webpack-plugin: Removed
webpack: (v4.41.0 to v5.90.3)
webpack-cli: (v3.3.9 to v5.1.4)
webpack-dev-middleware: (v3.7.2 to v7.0.0)
webpack-dev-server: (v3.8.1 to v5.0.2)
webpack-hot-middleware: (v2.25.0 to v2.26.1)
@dagrejs/graphlib
bootstrap
classnames
clsx
color
cropperjs
electron
jquery
prop-types
react, react-dom
react-draggable
react-router
react-router-config
react-router-dom
react-router-proptypes
reactstrap
rfdc (Really Fast Deep Clone); only used on FE
styled-components (introduced)
webrtc-adapter: (removed: not used)
New fork of original MEME (2018) created. New Wiki, Issues, Projects, and Pull Requests for changes moving forward go in this repo. However, we can refer to stuff in the old WIKI as needed.
Running list of Issues