Upgrade dependencies to resolve semver advisory #8752

aduth · 2023-07-11T12:33:05Z

🛠 Summary of changes

Updates dependencies to resolve all security advisories related to semver.

This is a follow-up to #8659, where previously some dependencies could not be updated, since they were pinned to an older version of semver which had not been patched. The older versions have since been patched (semver@6.3.1, semver@5.7.2), so we can now resolve the advisory completely.

The approach largely follows this suggestion to remove and reinstall entries of affected packages from yarn.lock (specifically semver and core-js-compat), as well as upgrading stylelint to the latest version.

This removes the audit-ci tooling added in #8659, since we don't have a need for an allowlist at the moment, as all advisories have been addressed.

📜 Testing Plan

yarn audit produces a clean result.

changelog: Internal, Dependencies, Update dependencies to resolve security advisories

aduth added 2 commits July 11, 2023 08:26

Upgrade dependencies to resolve semver advisory

ad78dce

changelog: Internal, Dependencies, Update dependencies to resolve security advisories

Remove audit-ci tooling

27a3a8c

aduth mentioned this pull request Jul 11, 2023

Audit yarn dependencies with allowlist #8659

Merged

mitchellhenke approved these changes Jul 11, 2023

View reviewed changes

aduth merged commit d974d87 into main Jul 11, 2023
3 checks passed

aduth deleted the aduth-semver-upgrade branch July 11, 2023 15:34

zachmargolis mentioned this pull request Jul 12, 2023

Deploy RC 296 #8769

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade dependencies to resolve semver advisory #8752

Upgrade dependencies to resolve semver advisory #8752

aduth commented Jul 11, 2023

Upgrade dependencies to resolve semver advisory #8752

Upgrade dependencies to resolve semver advisory #8752

Conversation

aduth commented Jul 11, 2023

🛠 Summary of changes

📜 Testing Plan