Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix security vulnerability #80

Merged
merged 4 commits into from
Sep 23, 2021
Merged

Fix security vulnerability #80

merged 4 commits into from
Sep 23, 2021

Conversation

connectdotz
Copy link
Collaborator

@connectdotz connectdotz commented Sep 18, 2021
edited
Loading

in order to address security vulnerability, upgraded most dependencies except the following:

  • flow-bin: the newer version caused tons of errors that didn't seem to be trivial to fix. Giving we do plan to move to typescript, decided not to invest too much time here, so left it unchanged.
  • danger: it has a dependency (set-value) that is flagged as a high-severity issue, and there is no fix from danger yet. So removing it for now and we can revisit it during github actions migration.

The upgrade of jest-snapshot brought in a breaking change that buildSnapshotResolver has become an async call. Therefore made some change in Snapshot.js.

Also fixed some eslint error and config due to upgrade.

@connectdotz connectdotz changed the title Fix security dependency Fix security vulnerability Sep 18, 2021
@connectdotz connectdotz merged commit 303ae26 into jest-community:master Sep 23, 2021
@connectdotz connectdotz deleted the fix-security-dependency branch September 23, 2021 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orta orta Awaiting requested review from orta

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@connectdotz