Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update merge-deep per SNYK-JS-MERGEDEEP-1070277 #3409

Merged
merged 1 commit into from
Jun 9, 2021
Merged

Update merge-deep per SNYK-JS-MERGEDEEP-1070277 #3409

merged 1 commit into from
Jun 9, 2021

Conversation

deetergp
Copy link
Contributor

@deetergp deetergp commented Jun 7, 2021

Details

Update merge-deep to 3.0.3 to avoid a nasty vulnerability detailed in the snyk issue linked in this PR's GH issue. This is an update of a dependency, which is why the changes only appear in package-lock.json and not also in package.json.

Fixed Issues

Fixes https://github.com/Expensify/Expensify/issues/165494

Tests

Since merge-deep is an electron dependency, general regression testing of the desktop app should cover any issues that might arise from this change. I fired up the desktop app and the web app and carried on a conversation between two test users, look for anything that appeared out of the ordinary and did not encounter any.

QA Steps

General regression testing of the desktop app should be sufficient.

Tested On

  • Web
  • Mobile Web
  • Desktop
  • iOS
  • Android

@deetergp deetergp requested a review from a team as a code owner June 7, 2021 22:43
@botify
Copy link

botify commented Jun 7, 2021

npm has a package.json file and a package-lock.json file. It seems you updated one without the other, which is usually a sign of a mistake. If you are updating a package make sure that you update the version in package.json then run npm install

@deetergp deetergp self-assigned this Jun 7, 2021
@MelvinBot MelvinBot requested review from MariaHCD and removed request for a team June 7, 2021 22:44
@MariaHCD MariaHCD merged commit 7cc20c1 into main Jun 9, 2021
@MariaHCD MariaHCD deleted the scott-updateSnykUpdateMergeDeep branch June 9, 2021 11:21
@OSBotify OSBotify mentioned this pull request Jun 9, 2021
Closed
49 tasks
@OSBotify
Copy link
Contributor

OSBotify commented Jun 9, 2021

🚀 Deployed to staging in version: 1.0.65-9🚀

platform result
🤖 android 🤖 success ✅
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅

@OSBotify
Copy link
Contributor

🚀 Deployed to production in version: 1.0.68-4🚀

platform result
🤖 android 🤖 success ✅
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MariaHCD MariaHCD MariaHCD approved these changes

Assignees

@deetergp deetergp

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@deetergp @botify @OSBotify @MariaHCD