patch: bump vulnerable dependencies #442
Conversation
raulkele
force-pushed
the
patch/dependency-bump
branch
3 times, most recently
from
5123256 to
2080c8d
Compare
raulkele
force-pushed
the
patch/dependency-bump
branch
from
2080c8d to
f2d4d36
Compare
|
@raulkele can you also update https://github.com/project-zot/zui/blob/main/.github/workflows/coverage.yml#L12? I am not sure the test/coverage failure is because of the node version or something in the libraries themselves |
raulkele
force-pushed
the
patch/dependency-bump
branch
4 times, most recently
from
234c384 to
35943fc
Compare
Signed-off-by: Raul-Cristian Kele <[email protected]>
raulkele
force-pushed
the
patch/dependency-bump
branch
from
35943fc to
e08c868
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #442 +/- ##
==========================================
- Coverage 85.00% 84.24% -0.77%
==========================================
Files 63 63
Lines 1961 1961
Branches 532 532
==========================================
- Hits 1667 1652 -15
- Misses 284 296 +12
- Partials 10 13 +3 ☔ View full report in Codecov by Sentry. |
|
After much tinkering managed to get it working it seems to be a known issue with older versions of node with jest specifically when generating coverage. Updated our targets for 20.x I'm not sure what the reported licensing issue is about and I don't seem to have required permissions to check. |
In short the tooling detected a GPL2 license for one of the 3rd party packages. But in the source code the original devs mention you can choose between BSD3 and GPL2, so we are fine. |
What type of PR is this?
dependency update
Which issue does this PR fix:
What does this PR do / Why do we need it:
If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
Testing done on this change:
Automation added to e2e:
Will this break upgrades or downgrades. Has updating a running cluster been tested?:
Does this change require updates to the CNI daemonset config files to work?:
Does this PR introduce any user-facing change?:
Issue with the test was unrelated to axios upgrade, it was caused by some flakiness introduced in our manifest select feature. Not sure why it didn't bother the test until now, but the exact same issue was affecting the tag with dependents test a while back, so I implemented a similar fix here.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.