Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: perform yarn upgrade #12698

Merged
merged 3 commits into from
Aug 3, 2023
Merged

deps: perform yarn upgrade #12698

merged 3 commits into from
Aug 3, 2023

Conversation

vince-fugnitto
Copy link
Member

What it does

The pull-request includes the following changes:

  • perform yarn upgrade to update dependencies to versions that downstream adopters would pull, and fix known security vulnerabilities
  • updated version ranges to compatible versions (ex: msgpackr (deps: upgrade msgpackr #12600))
  • upgraded lerna and performed lerna repair to update deprecated configuration options

How to test

  • confirm that CI successfully passes
  • confirm the output of yarn audit compared to master

Review checklist

Reminder for reviewers

@vince-fugnitto vince-fugnitto added quality issues related to code and application quality security issues related to security dependencies pull requests that update a dependency file labels Jul 11, 2023
@vince-fugnitto
deps: perform yarn upgrade
dd5fdde 
The commit performs a `yarn upgrade` to better represent what downstream
adopters will pull, and also resolve known security vulnerabilities.

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
@vince-fugnitto
deps: pin puppeteer
d2a8afa 
Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
@vince-fugnitto vince-fugnitto force-pushed the vf/yarn-upgrade-1.40.0 branch from f00324a to d2a8afa Compare August 1, 2023 11:48
@vince-fugnitto
update dependency baseline
a19402a 
The commit updates the `dependency-check-baseline.json` to include
`allure-commandline` as an approved dependency.

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
@vince-fugnitto vince-fugnitto requested a review from msujew August 1, 2023 13:03
msujew
msujew approved these changes Aug 3, 2023
View reviewed changes
Copy link
Member

@msujew msujew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. CI is green and a manual smoke test doesn't catch anything erroneous 👍

@vince-fugnitto vince-fugnitto merged commit ff10ef0 into master Aug 3, 2023
@vince-fugnitto vince-fugnitto deleted the vf/yarn-upgrade-1.40.0 branch August 3, 2023 12:27
@github-actions github-actions bot added this to the 1.41.0 milestone Aug 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msujew msujew msujew approved these changes

Assignees
No one assigned
Labels
dependencies pull requests that update a dependency file quality issues related to code and application quality security issues related to security
Projects
PR Backlog
Archived in project
Milestone
1.41.0
Development

Successfully merging this pull request may close these issues.
2 participants
@vince-fugnitto @msujew