client-admin module upgrade

Open thomassth opened this issue 1 year ago • 2 comments

Cleaned out most packages that had vulnerabilities.

Remaining 1 vuln from npm audit --prod is related to React Router v6, which is a more substantial upgrade; will do in a separate commit.

thomassth avatar Jul 19 '24 03:07 thomassth

Using ~ instead of ^ for versions in package.json was an intentional choice to avoid breaking changes from JS package churn. To maintain stability, it's better to manually update package.json after testing new versions, than to allow npm to ^^^ bump versions unexpectedly.

ballPointPenguin avatar Oct 17 '24 19:10 ballPointPenguin

For example @thomassth here's a much more cautious set of updates; https://github.com/compdemocracy/polis/pull/1824 (But maybe this doesn't solve the vulnerabilities?)

ballPointPenguin avatar Oct 17 '24 20:10 ballPointPenguin
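
The difference between the `~` and `^` ranges discussed in the comments above, as an added example that is not part of the original thread or the polis code base: it applies npm's range rules to a list of versions and flags manifest entries that would accept a new minor release. The package names, version list and helper names (`satisfies`, `minorFloating`) are constructed for illustration, and only full `x.y.z` versions without prerelease tags are handled.

```javascript
// Added example: npm's ~ and ^ range rules for full x.y.z versions
// (no prerelease tags, no partial versions such as ~1.2).
const parse = (v) => v.split(".").map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Exclusive upper bound that npm applies to a range with the given base.
function upperBound(op, [major, minor, patch]) {
  if (op === "~") return [major, minor + 1, 0]; // ~4.2.1 -> <4.3.0
  if (major > 0) return [major + 1, 0, 0];      // ^4.2.1 -> <5.0.0
  if (minor > 0) return [0, minor + 1, 0];      // ^0.5.0 -> <0.6.0
  return [0, 0, patch + 1];                     // ^0.0.3 -> <0.0.4
}

// True when `version` falls inside `range` (exact pin, ~ or ^).
function satisfies(version, range) {
  const op = "~^".includes(range[0]) ? range[0] : "";
  const base = parse(range.slice(op.length));
  const v = parse(version);
  if (!op) return cmp(v, base) === 0;
  return cmp(v, base) >= 0 && cmp(v, upperBound(op, base)) < 0;
}

// Names of dependencies whose range would accept the next minor release.
function minorFloating(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, range]) => {
      const op = "~^".includes(range[0]) ? range[0] : "";
      const [major, minor] = parse(range.slice(op.length));
      return satisfies(`${major}.${minor + 1}.0`, range);
    })
    .map(([name]) => name);
}

// Constructed sample manifest and published versions (hypothetical).
const samplePkg = {
  dependencies: { "lib-a": "~4.2.1", "lib-b": "^4.2.1", "lib-c": "^0.5.0" },
};
const published = ["4.2.1", "4.2.9", "4.3.0", "4.9.2", "5.0.0"];

for (const [name, range] of Object.entries(samplePkg.dependencies)) {
  console.log(name, range, published.filter((v) => satisfies(v, range)));
}
console.log("accept a new minor:", minorFloating(samplePkg));
```
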

Client Admin was fully upgraded in https://github.com/compdemocracy/polis/pull/2099

ballPointPenguin avatar Sep 24 '25 18:09 ballPointPenguin