-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(hail mary): Update package-lock.json via npm-audit-fix #26693
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #26693 +/- ##
==========================================
+ Coverage 67.16% 67.18% +0.01%
==========================================
Files 1902 1902
Lines 74454 74528 +74
Branches 8304 8327 +23
==========================================
+ Hits 50009 50070 +61
- Misses 22391 22397 +6
- Partials 2054 2061 +7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
It seems this is mostly blocked by typescript problems... this might be fixable, which would be fantastic from a security perspective. |
4a976dc
to
1605664
Compare
/testenv up |
@mistercrunch @michael-s-molina this finally passed CI! With this, This will need testing, so I'm spinning up a test environment. I'm most worried about things that use Airbnb dependencies (data-ui, visx, vx) since those are not well maintained, and their use is not well tested. Legacy charts that use them may be quietly broken by this PR. Let me know if you want to join in on the testing effort, and we can coordinate a bit. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I'm curious to pull this branch and run |
Tempting as it is, I won't click merge yet... I strongly suspect this PR breaks some charts, and they won't be easily fixable without some pretty deep rewrites... particularly the histogram. If we're willing to kill off some charts that have no replacement due to package vulnerabilities, we can take that route, but it sure seems like it'd need official consensus, and that ship has sailed for 4.0. |
Hmm... I thought ephemerals were working again... 😞 |
Yep, that would have been a great 4.0 proposal 😢 I do think we should do that in 5.0 though given the security implications. |
I think the data-ui problem I was thinking of was part of the React 17 upgrade effort, and this PR doesn't break it. I'll merge this if/when CI passes. |
…-to-the-embedded-dashboard * master: (1182 commits) fix(ci): mypy pre-commit issues (apache#27161) feat(Alerts and Reports): Modal redesign (apache#26202) refactor: Migrate ErrorBoundary to typescript (apache#27143) chore(tests): Remove unnecessary explicit Flask-SQLAlchemy session expunges (apache#27136) fix(plugins): Apply dashboard filters to comparison query in BigNumber with Time Comparison chart (apache#27138) fix: Duplicated toast messages (apache#27135) docs: add Geotab to users list (apache#27134) fix: Plain error message when visiting a dashboard via permalink without permissions (apache#27132) fix: ID param for DELETE ssh_tunnel endpoint (apache#27130) chore(hail mary): Update package-lock.json via npm-audit-fix (apache#26693) chore: lower cryptography min version to 41.0.2 (apache#27129) docs(miscellaneous): Export Datasoruces: export datasources exports to ZIP (apache#27120) fix(pivot-table-v2): Added forgotten translation pivot table v2 (apache#22840) fix: RLS modal overflow (apache#27128) refactor: Updates some database columns to MediumText (apache#27119) fix: gevent upgrade to 23.9.1 (apache#27112) fix: removes old deprecated sqllab endpoints (apache#27117) feat(storybook): Co-habitating/Upgrading Storybooks to v7 (dependency madness ensues) (apache#26907) fix: bump grpcio, urllib3 and paramiko (apache#27124) chore(internet_port): added new ports and removed unnecessary string class (apache#27078) ...
SUMMARY
Just thought this was worth a shot to see if it can pass CI. This removes our dependency warnings from:
(37 moderate, 33 high, 14 critical)to
(31 moderate, 28 high, 1 critical)
Storybook PR got a bunch of the critical ones (bringing it down to 4) but this now brings it down to 32 (18 moderate, 13 high, 1 critical)
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
Good luck, CI.
ADDITIONAL INFORMATION