chore(hail mary): Update package-lock.json via npm-audit-fix #26693
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #26693 +/- ##
==========================================
+ Coverage 67.16% 67.18% +0.01%
==========================================
Files 1902 1902
Lines 74454 74528 +74
Branches 8304 8327 +23
==========================================
+ Hits 50009 50070 +61
- Misses 22391 22397 +6
- Partials 2054 2061 +7
Flags with carried forward coverage won't be shown.
It seems this is mostly blocked by typescript problems... this might be fixable, which would be fantastic from a security perspective.
4a976dc to 1605664
/testenv up
@mistercrunch @michael-s-molina this finally passed CI! With this, This will need testing, so I'm spinning up a test environment. I'm most worried about things that use Airbnb dependencies (data-ui, visx, vx) since those are not well maintained, and their use is not well tested. Legacy charts that use them may be quietly broken by this PR. Let me know if you want to join in on the testing effort, and we can coordinate a bit.
Now I'm curious to pull this branch and run
Tempting as it is, I won't click merge yet... I strongly suspect this PR breaks some charts, and they won't be easily fixable without some pretty deep rewrites... particularly the histogram. If we're willing to kill off some charts that have no replacement due to package vulnerabilities, we can take that route, but it sure seems like it'd need official consensus, and that ship has sailed for 4.0.
Hmm... I thought ephemerals were working again... 😞
Yep, that would have been a great 4.0 proposal 😢 I do think we should do that in 5.0 though given the security implications.
I think the data-ui problem I was thinking of was part of the React 17 upgrade effort, and this PR doesn't break it. I'll merge this if/when CI passes.
…-to-the-embedded-dashboard
* master: (1182 commits)
  fix(ci): mypy pre-commit issues (apache#27161)
  feat(Alerts and Reports): Modal redesign (apache#26202)
  refactor: Migrate ErrorBoundary to typescript (apache#27143)
  chore(tests): Remove unnecessary explicit Flask-SQLAlchemy session expunges (apache#27136)
  fix(plugins): Apply dashboard filters to comparison query in BigNumber with Time Comparison chart (apache#27138)
  fix: Duplicated toast messages (apache#27135)
  docs: add Geotab to users list (apache#27134)
  fix: Plain error message when visiting a dashboard via permalink without permissions (apache#27132)
  fix: ID param for DELETE ssh_tunnel endpoint (apache#27130)
  chore(hail mary): Update package-lock.json via npm-audit-fix (apache#26693)
  chore: lower cryptography min version to 41.0.2 (apache#27129)
  docs(miscellaneous): Export Datasoruces: export datasources exports to ZIP (apache#27120)
  fix(pivot-table-v2): Added forgotten translation pivot table v2 (apache#22840)
  fix: RLS modal overflow (apache#27128)
  refactor: Updates some database columns to MediumText (apache#27119)
  fix: gevent upgrade to 23.9.1 (apache#27112)
  fix: removes old deprecated sqllab endpoints (apache#27117)
  feat(storybook): Co-habitating/Upgrading Storybooks to v7 (dependency madness ensues) (apache#26907)
  fix: bump grpcio, urllib3 and paramiko (apache#27124)
  chore(internet_port): added new ports and removed unnecessary string class (apache#27078)
  ...
SUMMARY
Just thought this was worth a shot to see if it can pass CI. This removes our dependency warnings from:
(37 moderate, 33 high, 14 critical)
to
(31 moderate, 28 high, 1 critical)
Storybook PR got a bunch of the critical ones (bringing it down to 4) but this now brings it down to 32 (18 moderate, 13 high, 1 critical)
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
Good luck, CI.
ADDITIONAL INFORMATION