Gd/dev/setup #161
Open
Gd/dev/setup #161
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Developers should use this folder for their personal scripts/files that should not be added to the repository
guillaumedomingues
force-pushed
the
gd/dev/setup
branch
6 times, most recently
from
8be47c8 to
92e8336
Compare
Removed useWorkspaces option from lerna.json The "useWorkspaces" option has been removed. By default lerna will resolve your packages using your package manager's workspaces configuration. Alternatively, you can manually provide a list of package globs to be used instead via the "packages" option in lerna.json. Added workspaces to package.json Remove lerna bootstrap, add verbose logs
Histogram charts were going out of bounds, specifying a yDomain range of [0,100] and removing stackOffset=true fixes this
Security fixes: - Critical (6->0): mongoose (6.13.6), form-data (2.5.4), url-parse (1.5.10) - High (18->0): axios (1.8.2), multer (2.0.2), jsonwebtoken (9.0.0), follow-redirects (1.15.6), dicer (0.3.0) - Moderate (54->13): nth-check (2.1.1), debug (4.3.4), webpack-dev-server (5.2.1), postcss (8.4.31), js-yaml (4.1.1), tmp (0.2.4) Audit results: 91 vulnerabilities -> 16 (83% reduction)
Migrated to CRACO because react-app-rewired doesn't work with this version of webpack-dev-server.
After the change to use yarn workspaces we no longer need lerna. Documentation was also updated to reflect this. This change could be improved upon by adding scripts to run tests, etc from the project root
guillaumedomingues
force-pushed
the
gd/dev/setup
branch
from
92e8336 to
34f6483
Compare
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR's purpose is to upgrade several dependencies due to security vulnerabilities that have emerged over time.
Development
I added a configuration for a VS Code DevContainer for development purposes.
This makes setting up dependencies much easier, and lets developers avoid the use of scripts to install them.
Developers will need to change paths in listwebserver's
config.ymlto work inside the container.Dependency upgrades
C++ code dependencies were untouched
The more relevant upgrades (that required code changes) were
react-app-rewiredSome component types were changed to
anyto avoid compilation issues due to the react upgrade, but this is a feeble change and should probably be revisited and addressed properly at a later time.Leftover vulnerable dependencies:
parseuriinlistwebserver, but it does not have a patched version,qsinlistwebserver > sdpoker > request > qs(yarn did not find this vulnerability until this year, will take a look at it if I have the time)