Skip to content

[Templates] Update SPA dependencies to keep npm audit happy #21330

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 18, 2020
Merged

[Templates] Update SPA dependencies to keep npm audit happy #21330

merged 3 commits into from
May 18, 2020

Conversation

javiercn
Copy link
Member

@javiercn javiercn commented Apr 29, 2020
edited by mkArtakMSFT
Loading

Description

Many of the node dependencies of SPA project templates have received updates including some security fixes. The current references the SPA project templates have are not up-to-date.

Customer Impact

Customers who create new project will end up using dependencies with known security vulnerabilities. Also, these will result in warnings printed when running newly created SPA projects.

Regression?

These dependencies are not something we have control over. We simply update them from time to time to keep the templates current and in good state.

Risk

Low: The change itself is a low-risk for us as there is no actual functionality change involved in our code.

@ghost ghost added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Apr 29, 2020
@javiercn javiercn mentioned this pull request Apr 29, 2020
Merged
@javiercn javiercn marked this pull request as ready for review May 4, 2020 09:57
@javiercn javiercn requested a review from ryanbrandenburg as a code owner May 4, 2020 09:57
@javiercn javiercn requested a review from mkArtakMSFT May 4, 2020 09:57
@mkArtakMSFT mkArtakMSFT added the Servicing-consider Shiproom approval is required for the issue label May 5, 2020
@ghost
Copy link

ghost commented May 5, 2020

Hello human! Please make sure you've included the Shiproom Template in a comment or (preferably) the PR description. Also, make sure this PR is not marked as a draft and is ready-to-merge.

dougbu
dougbu approved these changes May 5, 2020
View reviewed changes
src/ProjectTemplates/Web.Spa.ProjectTemplates/content/Angular-CSharp/ClientApp/package.json
"@types/jasmine": "~3.4.4",
"@types/jasminewd2": "~2.0.8",
"@types/node": "~12.11.6",
"codelyzer": "^5.2.0",
"jasmine-core": "~3.5.0",
"jasmine-spec-reporter": "~4.2.1",
"karma": "^4.4.1",
"karma": "^5.0.2",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bit surprised we can bump the major version without adjusting some of our code 😃

@leecow leecow added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels May 7, 2020
@leecow leecow added this to the 3.1.5 milestone May 7, 2020
@dougbu dougbu merged commit a9449cd into release/3.1 May 18, 2020
@dougbu dougbu deleted the javiercn/update-spa-dependencies-31 branch May 18, 2020 21:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dougbu dougbu dougbu approved these changes

@ryanbrandenburg ryanbrandenburg ryanbrandenburg approved these changes

@mkArtakMSFT mkArtakMSFT mkArtakMSFT approved these changes

Assignees
No one assigned
Labels
area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
3.1.5
Development

Successfully merging this pull request may close these issues.
5 participants
@javiercn @dougbu @ryanbrandenburg @mkArtakMSFT @leecow