Skip to content

[typescript-angular] update package.json (v11) to address security alerts #11765

Merged
wing328 merged 3 commits intomasterfrom
ts-11-updtae
Mar 2, 2022
Merged

[typescript-angular] update package.json (v11) to address security alerts #11765
wing328 merged 3 commits intomasterfrom
ts-11-updtae

Conversation

@wing328
Copy link
Copy Markdown
Member

@wing328 wing328 commented Mar 2, 2022
edited
Loading

  • update package.json (v11) (this file is not auto-generated) to address security alerts
  • remove package-lock.json so that CI will always install the latest version of the dependencies during tests

PR checklist

  • Read the contribution guidelines.
  • Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • Run the following to build the project and update samples: 
    ./mvnw clean package 
./bin/generate-samples.sh
./bin/utils/export_docs_generators.sh
    Commit all changed files.
    This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
    These must match the expectations made by your contribution.
    You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
    For Windows users, please run the script in Git BASH.
  • File the PR against the correct branch: master (5.3.0), 6.0.x
  • If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

cc @TiFu (2017/07) @taxpon (2017/07) @sebastianhaas (2017/07) @kenisteward (2017/07) @Vrolijkx (2017/09) @macjohnny (2018/01) @topce (2018/10) @akehir (2019/07) @petejohansonxo (2019/11) @amakhrov (2020/02)

@wing328 wing328 added this to the 6.0.0 milestone Mar 2, 2022
macjohnny
macjohnny reviewed Mar 2, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@macjohnny macjohnny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest not to delete the package-lock, tests might break without code changes on our side, but due to breaking changes in dependencies that are not correctly reflected in the versioning.

@wing328
Copy link
Copy Markdown
Member Author

wing328 commented Mar 2, 2022

I would suggest not to delete the package-lock, tests might break without code changes on our side, but due to breaking changes in dependencies that are not correctly reflected in the versioning.

Right. I'm well aware of such consequence (some other clients are using the same approach). The goal is to be notified in case something breaks due to installation of the latest dependencies (think of it as an alert).

In the worst case, we just pin the dependency to an older version (not the latest) to resolve the issue for the time being until someone has time to fix it.

What do you think?

@macjohnny
Copy link
Copy Markdown
Member

macjohnny commented Mar 2, 2022

I think it can be arbitrarily hard to find out which dependency change could have caused a breakage, especially because there are so many transitive dependencies.

@wing328
Copy link
Copy Markdown
Member Author

wing328 commented Mar 2, 2022

👌 Added back the file.

@wing328 wing328 merged commit 876f2fe into master Mar 2, 2022
@wing328 wing328 deleted the ts-11-updtae branch March 2, 2022 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macjohnny macjohnny macjohnny approved these changes

Assignees

No one assigned

Labels

Client: TypeScript Enhancement: CI/Test Enhancement: Security

Projects

None yet

Milestone

6.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@wing328 @macjohnny