Skip to content

Update dependencies - 1st try (security) #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arm4b merged 2 commits into from
Nov 24, 2023
Merged

Update dependencies - 1st try (security) #183

arm4b merged 2 commits into from
Nov 24, 2023

Conversation

@arm4b
Copy link
Member

@arm4b arm4b commented Nov 23, 2023

The current state of st2chatops is the following:
image

Work on #133, trying to update as many upstream dependencies as possible and regenerate npm lock (npm-shrinkwrap.json).

@arm4b
Copy link
Member Author

arm4b commented Nov 23, 2023
edited
Loading

First go of npm audit fix gave something meaningful:

fixed 45 of 215 vulnerabilities in 633 scanned packages

@arm4b
Copy link
Member Author

arm4b commented Nov 23, 2023
edited
Loading

I'll take it as a quick win.

I think it makes sense to merge this PR and see if it goes through e2e st2cicd chatops tests on Slack.
Then try to do more radical changes in the next PR and see again if it passes e2e tests or not.
This way if things broke, I'll have an easy way to revert.

@arm4b arm4b marked this pull request as ready for review November 23, 2023 17:38
@arm4b arm4b requested a review from a team November 23, 2023 17:38
@arm4b arm4b enabled auto-merge November 23, 2023 17:39
@arm4b arm4b changed the title Try to update npm dependencies (security) Update dependencies - 1st try (security) Nov 23, 2023
@arm4b arm4b requested a review from a team November 23, 2023 18:39
@arm4b arm4b changed the title Update dependencies - 1st try (security) Update dependencies - 1st stage (security) Nov 23, 2023
@arm4b arm4b changed the title Update dependencies - 1st stage (security) Update dependencies - 1st try (security) Nov 23, 2023
@arm4b arm4b mentioned this pull request Nov 23, 2023
Merged
@arm4b arm4b merged commit 450e9a5 into master Nov 24, 2023
@arm4b arm4b deleted the update/dependencies branch November 24, 2023 08:05
@arm4b arm4b mentioned this pull request Nov 30, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nzlosh nzlosh nzlosh approved these changes

@amanda11 amanda11 amanda11 approved these changes

Assignees

No one assigned

Labels

help wanted maintenance security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@arm4b @nzlosh @amanda11