chore: Bump dependencies to reduce vulnerabilities in /ui #4654
Commits on Oct 20, 2024
chore: Bump transitive word-wrap from 1.2.3 to 1.2.5 in /ui
This resolves a vulnerability in word-wrap: GHSA-j8xg-fqg3-53r7.
Signed-off-by: Harri Lehtola <[email protected]>
Commit 0e3334a
chore: Bump protobufjs-cli from 1.0.2 to 1.1.3 in /ui
The older version depended on taffydb that has a vulnerability with no patched version available. The latest version no longer uses it.
Signed-off-by: Harri Lehtola <[email protected]>
Commit b21b723
chore: Bump transitive dependencies of msw in /ui
This resolves 1 critical and 1 high level vulnerability in @xmldom/xmldom and path-to-regexp.
Signed-off-by: Harri Lehtola <[email protected]>
Commit b238165
chore: Bump vulnerable rollup packages to latest versions in /ui
This resolves 1 high and 9 moderate level vulnerabilities reported by `yarn audit`.
Signed-off-by: Harri Lehtola <[email protected]>
Commit b5fca32
chore: Bump @babel packages to latest in /ui
This resolves 16 high level vulnerabilities reported by `yarn audit`.
Signed-off-by: Harri Lehtola <[email protected]>
Commit 34f16e0
chore: Use browserslist default configuration in Feast UI
"defaults" (https://browsersl.ist/#q=defaults) is the recommended starting point these days, it's a shorthand for "> 0.5%, last 2 versions, Firefox ESR, not dead". Using it gets rid of a couple autoprefixer related warnings that started appearing after dependency updates.
Check the previous production configuration at https://browsersl.ist/#q=%3E0.2%25%2C+not+dead%2C+not+op_mini+all if you want to compare what changed.
Signed-off-by: Harri Lehtola <[email protected]>
Commit 18fa434
chore: Bump react-scripts from 5.0.0 to 5.0.1 in /ui
This resolves 2 critical, 11 high, 7 moderate and 1 low level vulnerability reported by `yarn audit`.
@babel/plugin-proposal-private-property-in-object is added to devDependencies due to this warning when running the tests:
> One of your dependencies, babel-preset-react-app, is importing the
> "@babel/plugin-proposal-private-property-in-object" package without
> declaring it in its dependencies. This is currently working because
> "@babel/plugin-proposal-private-property-in-object" is already in your
> node_modules folder for unrelated reasons, but it may break at any time.
>
> babel-preset-react-app is part of the create-react-app project, which
> is not maintianed (sic) anymore. It is thus unlikely that this bug will
> ever be fixed. Add "@babel/plugin-proposal-private-property-in-object" to
> your devDependencies to work around this error. This will make this message
> go away.
Signed-off-by: Harri Lehtola <[email protected]>
Commit 6d702cf