chore: fix ws deep package version #1692

Merged
merged 1 commit into from
Aug 23, 2024

ansmonjol
Collaborator

Context

We have multiple packages relying internally on the ws dependency. Almost all are on 8.x versions of it.

Also, ws has a CVE fix available starting with these versions: 5.2.4, 6.2.3, 7.5.10, 8.17.1.

ws was recently manually fixed to a higher version in our repo: https://github.com/getlago/lago-front/pull/1685/files
I did that as a quick fix, and also removed webpack-bundle-analyzer as it was the only one to rely on a 7.x version of ws.

Description

This PR reintroduces the webpack-bundle-analyzer package, and I updated the concerned packages so they can use the new ^8.x or ^7.x version containing the fix. Note that internally they use ^ notation for ws, so they had the fix, but the deep package versions were not updated in our project yet.

Updating a deep version with yarn today is mainly about removing a package and installing it again: yarnpkg/yarn#2394 (comment)

Also, as those versions concern the codegen, I ran it again, hence some changes in the generated file.

Here is the new ws version status on our app after those changes.

[Screenshot: Monosnap capture, 2024-08-22 14-50-54]

@ansmonjol ansmonjol added 🥷 chore This doesn't seem right 🔗 dependencies Pull requests that update a dependency file labels Aug 22, 2024
@ansmonjol ansmonjol self-assigned this Aug 22, 2024
@ansmonjol ansmonjol requested review from jdenquin and keellyp August 22, 2024 17:59
@ansmonjol ansmonjol merged commit c11ee15 into main Aug 23, 2024
11 checks passed
@ansmonjol ansmonjol deleted the fix-ws-deep-version branch August 23, 2024 11:53
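
The check this PR depends on, as an added example that is not part of the original pull request or the lago-front code base: a Node.js script that lists every resolved copy of ws in a yarn.lock and flags any below the patched releases named in the description. It assumes the Yarn classic (v1) lockfile layout; `auditWs`, `resolvedVersions` and the sample lockfile are constructed for illustration.

```javascript
// Added example (not lago-front code): audit resolved `ws` copies in a yarn.lock.
// Assumes the Yarn classic (v1) lockfile format; minimums are those listed in the PR.
const PATCHED = { 5: '5.2.4', 6: '6.2.3', 7: '7.5.10', 8: '8.17.1' };

// "7.5.10" -> [7, 5, 10]; pre-release and build suffixes are ignored.
const parse = (v) => v.split(/[-+]/)[0].split('.').map(Number);

// Numeric comparison, so that 7.5.9 sorts below 7.5.10.
function lessThan(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

// Every lockfile entry for `name`, with the requested ranges that resolve to it.
function resolvedVersions(lockText, name) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (line && !/^\s/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g.  "ws@^8.11.0", ws@^8.13.0:
      const ranges = line.replace(/:$/, '').split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''))
        .filter((s) => s.startsWith(name + '@'))
        .map((s) => s.slice(name.length + 1));
      current = ranges.length ? { ranges, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      // Only the entry's own two-space "version" field, not a nested dependency.
      const m = line.match(/^ {2}version "([^"]+)"$/);
      if (m) current.version = m[1];
    }
  }
  return entries.filter((e) => e.version);
}

// Entries below the patched release of their major line. A major with no listed
// minimum is reported too (minimum undefined) so that it gets a manual review.
function auditWs(lockText) {
  return resolvedVersions(lockText, 'ws')
    .map((e) => ({ ...e, minimum: PATCHED[parse(e.version)[0]] }))
    .filter((e) => !e.minimum || lessThan(e.version, e.minimum));
}

// Constructed sample lockfile, not the project's real yarn.lock.
const SAMPLE_LOCK = ['# yarn lockfile v1', '', '"@types/ws@^8.0.0":', '  version "8.5.10"', '',
  'ws@^7.3.1:', '  version "7.4.6"', '', '"ws@^8.11.0", ws@^8.13.0:', '  version "8.17.1"', ''].join('\n');
console.log(auditWs(SAMPLE_LOCK));
```

An empty result means every deep copy of ws sits at or above the patched release for its major line, which is the state the PR aims for.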