Skip to content

Dependency updates to fix security vulnerabilities #306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 9, 2023
Merged

Dependency updates to fix security vulnerabilities #306

merged 7 commits into from
Jun 9, 2023

Conversation

Trickfilm400
Copy link
Contributor

@Trickfilm400 Trickfilm400 commented Jun 8, 2023
edited
Loading

Changes

  • update superagent to latest version to fix security vulnerabilities
  • update qs and cookiejar to the latest version
  • Lock @types/superagent to 4.1.13 due to the failing typescript compiler

Notes / Questions

  • I think we should drop node < 16 support (because they are EOL) and for further dependency updates)
  • The test npm test were failing before and after the dependency updates
    • Should I provide a follow-up PR and try to fix these issues
  • Also, I didn't update all dependencies in the PR yet, because nearly all of them have breaking changes
    • Should I provide a follow-up PR and update all these dependencies?
  • I noticed, that in the ci.yml file there are some old node versions, which were scheduled for removal, but are still in there
    • Should I update them?

Issues Addressing:

This PR addresses the following issues:

This PR was inspired by #292

@keithamus
Copy link
Member

Looks like some tests were not built all that resilient 😆. Updated them to be slightly more so.

@keithamus keithamus merged commit ce9866f into chaijs:master Jun 9, 2023
@keithamus
Copy link
Member

@Trickfilm400 thats merged and released as 4.4.0. Thanks for your hard work here!

If you want to continue by updating breaking versions and dropping support for older versions, we can work together on releasing 5.0.0!

@Trickfilm400 Trickfilm400 mentioned this pull request Jun 16, 2023
Merged
@roblo1801 roblo1801 mentioned this pull request May 17, 2024
Open
This was referenced Sep 13, 2024
Open
Open
@seansund seansund mentioned this pull request Sep 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keithamus keithamus keithamus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Trickfilm400 @keithamus