search-ui-react: Resolve Vulnerabilities #484
Conversation
Regenerates package-lock.json to include the safe dependencies. J=VULN-39418, VULN-39419 TEST=none Saw that babel imports in package-lock.json and test-site/package-lock.json were for versions at or above the safe dependency.
Legal RiskThe following dependencies were released under a license that RecommendationReach out to your security team or Semgrep admin to address this issue. In special cases, exceptions may be made for dependencies with violating licenses, however, the general recommendation is to avoid using a dependency under such a license non-standard |
The `npm run build` command was failing due to errors with the tsup build command. The increase in heap space is a temporary fix that we may run into again as the repo grows - the out of memory error that it prevents is an ongoing issue with the library itself (egoist/tsup#920).
The GeolocationPosition and GeolocationCoordinates objects now require toJSON() methods to be specified. Our implementation of these methods isn't important to my knowledge, but their absence is causing the LocationBias and Geolocation unit tests to fail.
Causing npm ci to fail when run remotely for automatic tests.
After making the library upgrades that were required to resolve vulnerabilities, new errors appeared that prevented our unit tests from passing. This commit updates the FilterSearch test so it passes without error.
| @@ -386,7 +386,7 @@ export function SearchBar({ | |||
| entityPreviewsCount | |||
| ); | |||
| const activeClassName = classNames('relative z-10 bg-white border rounded-3xl border-gray-200 w-full overflow-hidden', { | |||
| ['shadow-lg' ?? '']: hasItems | |||
| ['shadow-lg']: hasItems | |||
There was a problem hiding this comment.
Was causing tsup src/index.ts --dts --sourcemap --format esm,cjs to fail because ?? '' is never used. Ultimately preventing npm run build from succeeding.
| @@ -36,7 +36,7 @@ | |||
| ], | |||
| "scripts": { | |||
| "build": "rm -rf lib/** && rm -rf dist/** && npm run build:js && npm run build:css && npm run api-extractor && npm run generate-docs && npm run generate-notices", | |||
| "build:js": "tsup src/index.ts --dts --sourcemap --format esm,cjs && npm run create:lib-esm && npm run create:lib-commonjs", | |||
| "build:js": "NODE_OPTIONS='--max-old-space-size=16384' tsup src/index.ts --dts --sourcemap --format esm,cjs && npm run create:lib-esm && npm run create:lib-commonjs", | |||
There was a problem hiding this comment.
Where's this coming from?
There was a problem hiding this comment.
The tsup build command was failing due to OOM error in its worker process. This isn't a permanent fix because as the repo grows the heap size may need to be bumped again, but the root of the problem lies with tsup itself (egoist/tsup#920).
mkouzel-yext
force-pushed
the
hotfix/v1.7.1
branch
from
02d0339 to
8b841a5
Compare
|
The reason for these other changes is to try to get the automatic checks passing again. After making the package upgrades that resolving our vulnerabilities require, the majority of our automatic tests failed due to build errors. I'll reply with the individual reasons for each, but this is the overarching goal. |
Resolves errors that were being logged due to package upgrades in test files. These were prevent our automatic checks from passing.
mkouzel-yext
force-pushed
the
hotfix/v1.7.1
branch
from
d6194f2 to
56a184a
Compare
Upgrades dependency versions to resolve potential vulnerabilities.