Closed christo8989 closed 2 years ago
We may be able to find a replacement for react-code-block and add the audit check. Definitely something worth having given the app can see network requests. Let's get this in for now then think about adding audit/replacing react-code-block later.
Once this is merged i'll also change the required checks on the workflow pipeline to node v (16) only. The 14.4 check is now redundent.
y
We may be able to find a replacement for react-code-block and add the audit check. Definitely something worth having given the app can see network requests. Let's get this in for now then think about adding audit/replacing react-code-block later.
Some of the vulnerabilities are around ddos attacks on regex which probably shouldn't effect this app. But if there's another option than sounds good. But I think no rush.
No functional changes to the code. Updated packages and added more checks to the pipeline (if that's okay).
Some packages are left on previous versions due to react-scripts. To see the list, run
yarn outdated
.Changes to take note of...
nvm install && nvm use
)Side note. I wanted to add
yarn audit --groups dependencies
to the checks but the react-code-block package has vulnerabilities. I don't think it matters but worth mentioning.