Update package.json to solve Dependabot alert #579

Closed
atlasharry opened this issue Jun 21, 2024 · 5 comments · Fixed by #585
Labels: dependencies, documentation

Comments

@atlasharry
Member

atlasharry commented Jun 21, 2024

This issue is for Dependabot alert 70.

@atlasharry atlasharry self-assigned this Jun 21, 2024
atlasharry added a commit that referenced this issue Jun 21, 2024
@atlasharry
Member Author

atlasharry commented Jun 21, 2024

I have changed ws to ^8.17.1 and web-ext to ^8.2.0 in both package.lock.json and package.json.
However, one thing I noticed is that when I build the app according to package.json via npm install or npm install --production=false, I would end up creating a totally different package.lock file which has much more than changing only "ws" and "web-ext". (This may be because the current package.lock on our GitHub is outdated?)

In this branch, I only keep the changes of ws and web-ext version in the package.lock.json. Since by updating package.json, the user can build their own app and update the dependencies in package.lock.json accordingly.

I have tested the new dependency versions and the app works perfectly fine on my end.
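
An added example, not part of the original thread or the project's code: a check that can be run after a lockfile is edited for only selected packages, listing any nested copy of those packages that still sits below the intended version. The version floors are assumed from the ranges named in the comment above; the sample lockfile and the function names are constructed for illustration.

```javascript
// Compare two x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Lockfile keys look like "node_modules/ws" or
// "node_modules/web-ext/node_modules/ws"; the package name is whatever
// follows the last "node_modules/" (this also handles "@scope/name").
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Walk the "packages" map (lockfileVersion 2 and 3) and return every
// installed copy of a watched package whose version is below its floor.
function findStaleCopies(lock, floors) {
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(floors, name)) continue;
    if (!entry.version) continue;
    if (compareVersions(entry.version, floors[name]) < 0) {
      stale.push({ path, name, version: entry.version, floor: floors[name] });
    }
  }
  return stale;
}

// Constructed sample lockfile: top-level entries were bumped, one nested copy was not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-extension", devDependencies: { ws: "^8.17.1", "web-ext": "^8.2.0" } },
    "node_modules/ws": { version: "8.17.1" },
    "node_modules/web-ext": { version: "8.2.0" },
    "node_modules/web-ext/node_modules/ws": { version: "8.13.0" },
  },
};

// Floors assumed from the ranges in the comment above.
const FLOORS = { ws: "8.17.1", "web-ext": "8.2.0" };
console.log(findStaleCopies(sampleLock, FLOORS));
```

To run it against a real lockfile, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.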

@SebastianZimmeck
Member

Excellent, @atlasharry!

@atlasharry, can you open a PR and add @dadak-dom as reviewer?

(cc'ing @Mattm27)

@SebastianZimmeck
Member

As discussed, if useful, @atlasharry will also add a comment in the readme for developers on how to fix these types of dependency issues, as we will likely continue to see them since we have a good number of dependencies.

@SebastianZimmeck SebastianZimmeck added documentation Improvements or additions to documentation dependencies Pull requests that update a dependency file labels Jun 21, 2024
atlasharry added a commit that referenced this issue Jun 25, 2024
@atlasharry atlasharry linked a pull request Jun 25, 2024 that will close this issue
@SebastianZimmeck
Member

Thanks, @atlasharry! And once the fix is in, we can close the alert manually.
