Upgrade Dependency esbuild-loader from 2.19.0 to 4.2.2 #1394

Merged
merged 2 commits into from
Jan 23, 2025

Conversation

hexaltation
Collaborator

Context

Follow-up of #1368
Trivy reports numerous vulnerabilities with the current esbuild version.

$ trivy image lasuite/grist:1.3.2
grist/node_modules/esbuild-linux-64/bin/esbuild (gobinary)

Total: 52 (UNKNOWN: 0, LOW: 0, MEDIUM: 21, HIGH: 28, CRITICAL: 3)

Proposed solution

Bump esbuild-loader from 2.19.0 to 4.2.2

Changes in webpack configuration files follow this migration guide

Has this been tested?

  • 👍 yes, yarn build:prod works and app starts

@hexaltation hexaltation requested a review from fflorent January 21, 2025 19:35
@hexaltation hexaltation added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code gouv.fr labels Jan 21, 2025
@hexaltation hexaltation changed the title from "Upgrade Dependency esbuild-loader" to "Upgrade Dependency esbuild-loader from 2.19.0 to 4.2.2" Jan 21, 2025
@hexaltation hexaltation force-pushed the upgrade-dependency-esloader branch from f2cada8 to 0eab80a Compare January 22, 2025 07:43
@hexaltation hexaltation force-pushed the upgrade-dependency-esloader branch from 0eab80a to dfc79c4 Compare January 22, 2025 07:52
@hexaltation
Collaborator Author

The failing tests are the ones that have been really flaky in the last couple of weeks:

  • Importer
  • ColumnOps.ntest

So it should not block this PR's acceptance IMHO.

@paulfitz paulfitz merged commit 85649f1 into gristlabs:main Jan 23, 2025
12 checks passed