Dep updates 2025 01 03 #5673

Open
wants to merge 8 commits into
base: staging

Contributor

@akuny akuny commented Jan 2, 2025

  • Upgrade unpinned npm packages
  • Upgrade to aws-cli 2.22.27
  • bump Docker image to 4.3.25 and publish
  • Update documentation to include node-canvas peer dependency issue
  • Exp build

@akuny akuny changed the title dep-updates: bump packages with minor updates Dep Updates 1/3/2025 Jan 3, 2025
@akuny akuny changed the title Dep Updates 1/3/2025 Dependency Updates 1/3/2025 Jan 3, 2025
@akuny akuny changed the title Dependency Updates 1/3/2025 Dep updates 2025 01 03 Jan 3, 2025
@akuny akuny marked this pull request as ready for review January 3, 2025 18:19
@@ -91,7 +101,7 @@ Below is a list of dependencies that are locked down due to known issues with se
### pdfjs-dist

- `pdfjs-dist` has a major version update to ^3.x,x. A devex card has been created to track work being done towards updating the package. Please add notes and comments to [this card](https://trello.com/c/gjDzhUkb/1111-upgrade-pdfjs-dist).
- The high-severity security issue "vulnerable to arbitrary JavaScript execution" has been addressed by us here: https://app.zenhub.com/workspaces/flexionef-cms-5bbe4bed4b5806bc2bec65d3/issues/gh/flexion/ef-cms/10407 and can therefore be ignored.
- The high-severity security issue "vulnerable to arbitrary JavaScript execution" has been addressed by us here: https://github.com/flexion/ef-cms/issues/10407 and can therefore be ignored.
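
Review bot: the pdfjs-dist bullet that now links to https://github.com/flexion/ef-cms/issues/10407 still tells readers the high-severity "vulnerable to arbitrary JavaScript execution" finding "can therefore be ignored" without naming the advisory or saying what the mitigation was. Suggest adding the advisory identifier as the audit tool reports it, plus a one-line summary of the fix, so that someone triaging a later audit report can confirm it is the same finding and that the mitigation still applies without leaving this document. Separately, `^3.x,x` in the bullet above looks like a typo for `^3.x.x`.
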
Contributor

👍

Contributor

@Mwindo Mwindo left a comment

Thanks @akuny! Would it be worthwhile to add a caveat to dependency-updates about upgrading the AWS terraform provider (e.g., "as of X, updating the AWS terraform provider causes issues in our CI/CD pipeline")?

2 participants