UI: Fixes security vulnerability in npm dependencies #308
Conversation
tekton-robot
added
the
size/XXL
| @@ -29,7 +29,7 @@ | |||
| "react-hotkeys-hook": "^3.3.1", | |||
| "react-markdown": "^5.0.3", | |||
| "react-router-dom": "^5.2.0", | |||
| "react-scripts": "^4.0.1", | |||
| "react-scripts": "4.0.3", | |||
There was a problem hiding this comment.
Is this the only dependency we need to update ??
There was a problem hiding this comment.
Should we also check if there are updates for the other packages as well
There was a problem hiding this comment.
I have updated only packages that has npm audit issue, if we look for other packages then there might be some breaking change in ui
There was a problem hiding this comment.
Yeah but I think with this patch we should also update the other packages if there is an updated version for it
There was a problem hiding this comment.
Also we can plan to bump the node and the npm version
| </span> | ||
| <span className=\\"token code\\" style={{...}}> | ||
| `az` | ||
| `az` |
There was a problem hiding this comment.
Does the above dependency change the snapshot ??
pratap0007
force-pushed
the
update-ui-packages
branch
2 times, most recently
from
1a666dc to
6f4511d
Compare
pratap0007
force-pushed
the
update-ui-packages
branch
2 times, most recently
from
1e8c20a to
a35f94b
Compare
|
@pratap0007 Is this PR good for review or are you still working on it? |
Still working on it , issue is snapshot of Readme components changes some time and trying to fix it |
pratap0007
force-pushed
the
update-ui-packages
branch
3 times, most recently
from
5213d47 to
7e563fd
Compare
- Bumps react scripts to latest version and updates snapshot of Readme component - Bumps node and npm to latest version Singed-off-by: Shiv Verma <shverma@redhat.com>
pratap0007
force-pushed
the
update-ui-packages
branch
from
7e563fd to
4c14934
Compare
|
Thanks 🤙🏻 |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: PuneetPunamiya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
|
/hold |
tekton-robot
added
the
do-not-merge/hold
latest version for both (node v16.8.0, npm 7.21.1) |
|
/hold cancel |
tekton-robot
added
lgtm
Changes
snapshot of Readme component
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
make api-checkmake ui-checkSee the contribution guide for more details.