Commit
chore: Bump dependencies to reduce vulnerabilities in /ui (feast-dev#…
…4654)

* chore: Bump transitive word-wrap from 1.2.3 to 1.2.5 in /ui

This resolves a vulnerability in word-wrap: GHSA-j8xg-fqg3-53r7.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Bump protobufjs-cli from 1.0.2 to 1.1.3 in /ui

The older version depended on taffydb that has a vulnerability with no patched version available. The latest version no longer uses it.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Bump transitive dependencies of msw in /ui

This resolves 1 critical and 1 high level vulnerability in @xmldom/xmldom and path-to-regexp.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Bump vulnerable rollup packages to latest versions in /ui

This resolves 1 high and 9 moderate level vulnerabilities reported by `yarn audit`.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Bump @babel packages to latest in /ui

This resolves 16 high level vulnerabilities reported by `yarn audit`.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Use browserslist default configuration in Feast UI

"defaults" (https://browsersl.ist/#q=defaults) is the recommended starting point these days, it's a shorthand for "> 0.5%, last 2 versions, Firefox ESR, not dead".

Using it gets rid of a couple autoprefixer related warnings that started appearing after dependency updates.

Check the previous production configuration at https://browsersl.ist/#q=%3E0.2%25%2C+not+dead%2C+not+op_mini+all if you want to compare what changed.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

* chore: Bump react-scripts from 5.0.0 to 5.0.1 in /ui

This resolves 2 critical, 11 high, 7 moderate and 1 low level vulnerability reported by `yarn audit`.

@babel/plugin-proposal-private-property-in-object is added to devDependencies due to this warning when running the tests:

> One of your dependencies, babel-preset-react-app, is importing the
> "@babel/plugin-proposal-private-property-in-object" package without
> declaring it in its dependencies. This is currently working because
> "@babel/plugin-proposal-private-property-in-object" is already in your
> node_modules folder for unrelated reasons, but it may break at any time.
>
> babel-preset-react-app is part of the create-react-app project, which
> is not maintianed (sic) anymore. It is thus unlikely that this bug will
> ever be fixed. Add "@babel/plugin-proposal-private-property-in-object" to
> your devDependencies to work around this error. This will make this message
> go away.

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>

---------

Signed-off-by: Harri Lehtola <peruukki@hotmail.com>