Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[email protected] - More security package updates (vue, storybook) #2517

Merged
merged 6 commits into from
Apr 30, 2024
Merged

[email protected] - More security package updates (vue, storybook) #2517

merged 6 commits into from
Apr 30, 2024

Conversation

xander-marjoram
Copy link
Contributor

@xander-marjoram xander-marjoram commented Apr 29, 2024
edited
Loading

Almost half of the open Snyk PRs are for upgrading @vue/plugin-cli-babel to v5.

I'm also updating storybook to the latest v6. A major version bump was not trivial and likely requires its own ticket.

@github-actions github-actions bot added atoms This PR changes at least one "atom" component molecules This PR changes at least one "molecule" component organisms This PR changes at least one "organism" component pages This PR changes at least one "page" component labels Apr 29, 2024
@github-actions github-actions bot added the storybook This PR contains storybook changes label Apr 29, 2024
@xander-marjoram xander-marjoram changed the title Dsw 1909 snyk updates 2 [email protected] - More security package updates (vue, storybook) Apr 29, 2024
@xander-marjoram xander-marjoram force-pushed the dsw-1909-snyk-updates-2 branch from f87bb73 to 1b1c33a Compare April 29, 2024 15:10
@xander-marjoram
Copy link
Contributor Author

xander-marjoram commented Apr 29, 2024
edited
Loading

On balance I think resolving many vulnerabilities and introducing one is acceptable, especially considering the @justeat/storybook project is private and therefore not installable. To resolve the new vulnerability we would need to update storybook to v7, which is likely a large piece of work requiring its own ticket.

Undoing only the @storybook/vue upgrade causes other (compatibility) issues.

@xander-marjoram xander-marjoram marked this pull request as ready for review April 29, 2024 15:37
@xander-marjoram xander-marjoram merged commit 71dc3a7 into master Apr 30, 2024
37 of 38 checks passed
@xander-marjoram xander-marjoram deleted the dsw-1909-snyk-updates-2 branch April 30, 2024 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fernandofranca fernandofranca fernandofranca approved these changes

@kevinrodrigues kevinrodrigues kevinrodrigues approved these changes

Assignees
No one assigned
Labels
atoms This PR changes at least one "atom" component molecules This PR changes at least one "molecule" component organisms This PR changes at least one "organism" component pages This PR changes at least one "page" component storybook This PR contains storybook changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xander-marjoram @fernandofranca @kevinrodrigues