perform yarn upgrade
Following the adoption of much more recent ag-grid packages. This permits any
recursive dependencies of the old version to be updated.

The yarn upgrade also made it necessary to adjust the @vscode/vsce version we
request, as well as the one we get through ovsx, so that we end up using a
slightly older version of @vscode/vsce. More recent versions would require some
modifications in the way we package and also include a binary under a proprietary
license, that's so far not approved for use in this project.

Finally, following the yarn upgrade, we pull a new version of a dependency, that
fails the license check. We've opened an IP ticket for it, but that has not yet been
approved. On the face of it, the dependency in question is probably compatible with
the project, so we've added it to be temporarily excluded from the license check.

---

Doing the yarn upgrade, we went from 5 to 2 known vulnerabilities, as per "yarn audit":

Before:
5 vulnerabilities found - Packages audited: 926
Severity: 5 Moderate

After:
2 vulnerabilities found - Packages audited: 981
Severity: 2 Moderate

Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
marcdumais-work committed Aug 27, 2024
1 parent 0e574e3 commit 6d5537b
Showing 5 changed files with 641 additions and 584 deletions.
3 changes: 2 additions & 1 deletion configs/license-check-config.json
Expand Up @@ -4,5 +4,6 @@
"inputFile": "yarn.lock",
"batch": 50,
"timeout": 200,
"summary": "license-check-summary.txt"
"summary": "license-check-summary.txt",
"exclusions": "configs/license-check-exclusions.json"
}
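Review bot: the new "exclusions" entry points at "configs/license-check-exclusions.json" while "inputFile" and "summary" in the same object are bare file names, so the path is presumably resolved from the directory the check is launched in rather than from this config file. Please confirm that the license check stops with an error when that file cannot be found or parsed, since a silently skipped exclusions file changes what the check enforces without anyone noticing.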
3 changes: 3 additions & 0 deletions configs/license-check-exclusions.json
@@ -0,0 +1,3 @@
{
"npm/npmjs/-/playwright-core/1.46.1": "Believed to be license-compatible but still under IP review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/15964"
}
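Review bot: the exclusion for "npm/npmjs/-/playwright-core/1.46.1" carries no removal condition beyond the linked IP issue, so it can outlive the review it is waiting on. Keying it to the exact version is good, because a later playwright-core version will fail the check again rather than inherit the waiver; please add a follow-up task to delete the entry once issue 15964 is resolved, and to replace or drop the dependency if the review is rejected.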
5 changes: 4 additions & 1 deletion package.json
Expand Up @@ -32,5 +32,8 @@
"vscode-trace-common",
"vscode-trace-webviews",
"vscode-trace-extension"
]
],
"resolutions": {
"@vscode/vsce": "2.25.0"
}
}
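Review bot: the "resolutions" block forces "@vscode/vsce": "2.25.0" for every workspace and every transitive consumer, and nothing in package.json records why. JSON has no comments, so the reason (newer versions need packaging changes and include a binary whose license is not approved) lives only in the commit message; please document it in the README or a tracking issue together with the condition for lifting the pin, since while it is in place newer @vscode/vsce releases, fixes included, will not be picked up by a yarn upgrade.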
2 changes: 1 addition & 1 deletion vscode-trace-extension/package.json
Expand Up @@ -280,7 +280,7 @@
"@fortawesome/free-solid-svg-icons": "^5.8.1",
"@fortawesome/react-fontawesome": "^0.1.4",
"@vscode/codicons": "^0.0.33",
"@vscode/vsce": "^2.21.0",
"@vscode/vsce": "2.25.0",
"@ag-grid-community/styles": "^32.0.0",
"ag-grid-react": "^28.2.0",
"chart.js": "^2.8.0",
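Review bot: "@vscode/vsce": "2.25.0" on the changed line duplicates the version already forced by the root "resolutions" entry, so the pin now has to be moved in two files in step. Consider keeping a range here and letting the root resolution be the single place that fixes the version, or note in the project docs that both entries must change together.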