Update vulnerable packages #746
Conversation
package.json
Outdated
| @@ -123,7 +123,7 @@ | |||
| "date-fns": "^3.3.1", | |||
| "electron-squirrel-startup": "^1.0.0", | |||
| "electron2appx": "^2.1.2", | |||
| "express": "4.19.2", | |||
| "express": "4.20.0", | |||
There was a problem hiding this comment.
I upgraded to the one with a security fix in place, but it's a good point, it makes sense to upgrade to the latest 4.x. I've just upgraded it.
| @@ -69,7 +69,7 @@ | |||
| "electron": "29.1.0", | |||
| "electron-devtools-installer": "^3.2.0", | |||
| "electron-playwright-helpers": "^1.7.0", | |||
| "eslint": "^8.0.1", | |||
| "eslint": "^8.57.1", | |||
There was a problem hiding this comment.
Not something we need to address in this PR, but noting that https://eslint.org/ says ESLint 8.x is EOL, so we should look into updating to 9.x.
| @@ -106,7 +106,7 @@ | |||
| "@php-wasm/scopes": "^0.9.44", | |||
| "@php-wasm/universal": "^0.9.44", | |||
| "@rive-app/react-canvas": "^4.12.0", | |||
| "@sentry/electron": "^4.17.0", | |||
| "@sentry/electron": "^4.24.0", | |||
There was a problem hiding this comment.
Again, not something we need to do in this PR, but we should look into upgrading to the next major version. Are we aware of any potentially breaking issues, @wojtekn?
There was a problem hiding this comment.
@fredrikekelund yes, we should, but let's do this separately. I want to take the smallest possible step here to fix the security issues reported by Dependabot. We will need to update WP components, Electron and probably more.
Related issues
Proposed Changes
Testing Instructions
Pre-merge Checklist