Bump deps #325

Merged
merged 3 commits into from
Sep 4, 2023
@mfocko (Member) commented Sep 4, 2023

as a follow-up to the vulnerability report

@usercont-release-bot commented Sep 4, 2023

Preview: https://packit-dashboard-pr-325.surge.sh (deployed at Mon 04 Sep 2023, 15:43 UTC)

@mfocko mfocko self-assigned this Sep 4, 2023
@jpopelka (Member) left a comment

😕
So, will the GH action for deploying PRs work without it?
(The last run went OK, but the preview is already unavailable)

@mfocko (Member, Author) commented Sep 4, 2023

> 😕 So, will the GH action for deploying PRs work without it? (The last run went OK, but the preview is already unavailable)

yes :) actually mentioned in the commit message, but it didn't get to the PR because of multiple commits :/
I hit some issues when trying to get it to work, so I installed it almost everywhere and I must've missed the commit when dropping the debugging changes, etc. Surge is installed »globally« and »within« the action, so we shouldn't need it in the frontend itself.

@mfocko (Member, Author) commented Sep 4, 2023

https://github.com/packit/dashboard/pull/325/files#diff-da6498268e99511d9ba0df3c13e439d10556a812881c9d03955b2ef7c6c1c655R12-R17

@SpyTec shouldn't those be included only in the dev dependencies? 🤔 we got it tagged as security vulnerability from one of its dependencies (ejs)

@Venefilyn (Collaborator)

> #325 (files)
>
> @SpyTec shouldn't those be included only in the dev dependencies? 🤔 we got it tagged as security vulnerability from one of its dependencies (ejs)

Yeah it could be added there, will mean less dependencies installed on prod. Luckily the attack surface for the dashboard is extremely low due to the nature of the application, so I didn't give it much thought

There is one reason to have it in the dependencies and that would be if we want to build and deploy Storybook as well to try it out we'd need it in dependencies -- though no need for that atm

@mfocko (Member, Author) commented Sep 4, 2023

> Yeah it could be added there, will mean less dependencies installed on prod. Luckily the attack surface for the dashboard is extremely low due to the nature of the application, so I didn't give it much thought
>
> There is one reason to have it in the dependencies and that would be if we want to build and deploy Storybook as well to try it out we'd need it in dependencies -- though no need for that atm

Thanks a lot :) it's included in both deps and dev deps, I'll remove it from deps to counter the false-positives for now

It is used only within GH Action, must've been forgotten here.

Signed-off-by: Matej Focko <[email protected]>

Since we use storybooks only locally for now, move them to the
development dependencies rather than dependencies required for the
production run of the dashboard.

AI from vulnerability report from MP+.

Signed-off-by: Matej Focko <[email protected]>
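
Added example (not part of this PR or the project's code): a Node.js check for the situation discussed in the comments and commit messages above, where a package is declared in both `dependencies` and `devDependencies`, or dev/CI tooling is left only in `dependencies`. The manifest, package names, versions and the `DEV_ONLY_PATTERNS` policy list are constructed assumptions.

```javascript
// Constructed sample manifest (NOT the project's real package.json);
// package names and versions are illustrative placeholders.
const sampleManifest = {
  name: "example-frontend",
  dependencies: {
    react: "^1.0.0",
    surge: "^1.0.0",
    "@storybook/react": "^1.0.0",
  },
  devDependencies: {
    "@storybook/react": "^1.0.0",
    "@storybook/addon-essentials": "^1.0.0",
    typescript: "^1.0.0",
  },
};

// Assumption: which names count as dev/CI-only tooling is a local policy choice.
const DEV_ONLY_PATTERNS = [/^@storybook\//, /^storybook$/, /^surge$/];

function auditManifest(manifest, devOnlyPatterns = DEV_ONLY_PATTERNS) {
  const prod = Object.keys(manifest.dependencies ?? {});
  const dev = new Set(Object.keys(manifest.devDependencies ?? {}));

  // Declared in both sections: while the production entry exists, an install
  // that omits dev dependencies still pulls the package and its transitive deps.
  const duplicated = prod.filter((name) => dev.has(name)).sort();

  // Dev/CI tooling that is declared only as a production dependency.
  const misplaced = prod
    .filter((name) => !dev.has(name))
    .filter((name) => devOnlyPatterns.some((re) => re.test(name)))
    .sort();

  const clean = duplicated.length === 0 && misplaced.length === 0;
  return { duplicated, misplaced, clean };
}

// Human-readable summary, suitable for failing a CI step when not clean.
function formatReport({ duplicated, misplaced, clean }) {
  if (clean) return "OK: no dev-only tooling in production dependencies";
  return [
    ...duplicated.map((n) => `duplicate: ${n} is in dependencies and devDependencies`),
    ...misplaced.map((n) => `misplaced: ${n} is dev/CI tooling listed in dependencies`),
  ].join("\n");
}

console.log(formatReport(auditManifest(sampleManifest)));
```
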
@mfocko mfocko added this pull request to the merge queue Sep 4, 2023
Merged via the queue into packit:main with commit 2f8bdf3 Sep 4, 2023
1 check passed
@mfocko mfocko deleted the bump-deps branch September 4, 2023 18:13