Upgrade dependencies for v0.14.1 #1811

Closed
4 of 5 tasks
mikkonie opened this issue Oct 6, 2023 · 1 comment

mikkonie commented Oct 6, 2023

Tracking dependencies changed for this release here.

Updates

  • django==3.2.23
  • postcss (vue app)
  • @vue/component-compiler-utils and dependent packages (vue app) (1)
  • @babel/traverse >=7.23.2 (vue app)
  • werkzeug>=3.0.1

Notes

  1. This library has a vuln caused by a dependency for an old postcss version. There is a pull request to fix this, but it hasn't been acted on and the repo seems to no longer be receiving updates? This is the dependency of multiple packages, which may not be maintained anymore either (see comments). I guess it's really time to upgrade the app to Vue3 soon.
@mikkonie mikkonie added the environment Issues of dependencies, CI, deployment etc. label Oct 6, 2023
@mikkonie mikkonie added this to the v0.14.1 milestone Oct 6, 2023
@mikkonie mikkonie self-assigned this Oct 6, 2023

mikkonie commented Oct 6, 2023

Issues with @vue/component-compiler-utils and postcss:

node_modules/@vue/component-compiler-utils/node_modules/postcss
  @vue/component-compiler-utils  *
  Depends on vulnerable versions of postcss
  node_modules/@vue/component-compiler-utils
    @vue/cli-service  *
    Depends on vulnerable versions of @vue/component-compiler-utils
    Depends on vulnerable versions of vue-loader
    node_modules/@vue/cli-service
    @vue/vue2-jest  *
    Depends on vulnerable versions of @vue/component-compiler-utils
    node_modules/@vue/vue2-jest
    vue-loader  15.0.0-beta.1 - 15.10.2
    Depends on vulnerable versions of @vue/component-compiler-utils
    node_modules/@vue/vue-loader-v15
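
An added example, not part of the original issue or the project's code: tracing each flagged package back to the package that carries the advisory, using the `via` links of an `npm audit --json` report (auditReportVersion 2). The report object is constructed to mirror the tree above; the advisory title and any range not shown on the page are placeholders.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// It mirrors the tree in the comment above; "*" and the title are placeholders.
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    "postcss": { name: "postcss",
      via: [{ name: "postcss", title: "PLACEHOLDER advisory title" }],
      effects: ["@vue/component-compiler-utils"] },
    "@vue/component-compiler-utils": { name: "@vue/component-compiler-utils",
      range: "*", via: ["postcss"],
      effects: ["@vue/cli-service", "@vue/vue2-jest", "vue-loader"] },
    "@vue/cli-service": { name: "@vue/cli-service", range: "*",
      via: ["@vue/component-compiler-utils", "vue-loader"], effects: [] },
    "@vue/vue2-jest": { name: "@vue/vue2-jest", range: "*",
      via: ["@vue/component-compiler-utils"], effects: [] },
    "vue-loader": { name: "vue-loader", range: "15.0.0-beta.1 - 15.10.2",
      via: ["@vue/component-compiler-utils"], effects: ["@vue/cli-service"] },
  },
};

// A `via` entry that is an object is an advisory against the package itself;
// a string entry only names another flagged package that it depends on.
function rootCauses(rep) {
  return Object.values(rep.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"))
    .map((v) => v.name);
}

// Follow `via` links from `name` down to every advisory-carrying package,
// returning each dependency chain as an array of package names.
function chains(rep, name, seen = []) {
  const v = rep.vulnerabilities[name];
  if (!v || seen.includes(name)) return []; // unknown package or cycle
  const path = [...seen, name];
  const out = [];
  for (const x of v.via) {
    if (typeof x === "object") out.push(path);
    else out.push(...chains(rep, x, path));
  }
  return out;
}

// Print every chain so it is clear which upgrade removes which finding.
for (const name of Object.keys(report.vulnerabilities)) {
  for (const c of chains(report, name)) console.log(c.join(" > "));
}
```

Every chain in this sample ends at postcss, so the other findings clear only once a release of `@vue/component-compiler-utils` stops pulling in the old postcss, or the packages that depend on it are replaced.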
