website icon indicating copy to clipboard operation
website copied to clipboard

Published 20 hours ago verified publisher icon karmada-io

Update dependencies version

Open RainbowMango opened this issue 3 years ago • 13 comments

What would you like to be added: Update the dependencies version(in both package-lock.json and yarn.lock) due to security concerns:

  • [ ] Upgrade trim to version 0.0.3 or later
  • [x] Upgrade browserslist to version 4.16.5 or later
  • [x] Upgrade dns-packet to version 1.3.2 or later
  • [x] Upgrade ws to version 7.4.6 or later
  • [x] Upgrade normalize-url to version 4.5.1 or later
  • [x] Upgrade tar to version 6.1.9 or later.
  • [x] Upgrade path-parse to version 1.0.7 or later (#380, @SAMZONG)
  • [x] Upgrade nth-check to version 2.0.1 or later
  • [x] Upgrade follow-redirects to version 1.14.8 or later
  • [x] Upgrade node-fetch to version 2.6.7 or later
  • [x] Upgrade ansi-regex to version 5.0.1 or later.
  • [x] Upgrade minimist to version 1.2.6 or later.
  • [x] Upgrade cross-fetch to version 3.1.5 or later.
  • [x] Upgrade ansi-regex to version 3.0.1 or later.
  • [ ] Upgrade got to version 11.8.5 or later.

Why is this needed:

RainbowMango avatar Jun 06 '22 12:06 RainbowMango

I guess if we upgrade the docusaurus to a new version might solve all issues list on above.

cc @rgrupesh @Arhell

RainbowMango avatar Jun 06 '22 12:06 RainbowMango

I guess if we upgrade the docusaurus to a new version might solve all issues list on above.

cc @rgrupesh @Arhell

Which version should we upgrade to?

rgrupesh avatar Jun 06 '22 13:06 rgrupesh

I guess if we upgrade the docusaurus to a new version might solve all issues list on above. cc @rgrupesh @Arhell

Which version should we upgrade to?

latest?

Arhell avatar Jun 06 '22 13:06 Arhell

Yes, we can use the latest 2.0.0-beta.21.

RainbowMango avatar Jun 07 '22 02:06 RainbowMango

As https://github.com/facebook/docusaurus/releases/tag/v2.0.1 is now available, we can upgrade to v2.0.1 as it's a more stable version

kevin-wangzefeng avatar Aug 22 '22 07:08 kevin-wangzefeng

As https://github.com/facebook/docusaurus/releases/tag/v2.0.1 is now available, we can upgrade to v2.0.1 as it's a more stable version

i update all to latest version PR https://github.com/karmada-io/website/pull/141

Arhell avatar Aug 24 '22 10:08 Arhell

Hi @Arhell , Thanks for doing this. most of the dependencies are done by #156, but still have 4 left.

RainbowMango avatar Sep 06 '22 08:09 RainbowMango

If possible, I would like to participate in the repair work here.

samzong avatar Jun 06 '23 08:06 samzong

Sure, go ahead, appreciate it. /assign @SAMZONG

RainbowMango avatar Jun 06 '23 10:06 RainbowMango

#380 upgrade path-parse to 1.0.7

samzong avatar Jun 17 '23 02:06 samzong

Thanks @SAMZONG . Only two alerts left now.

RainbowMango avatar Jun 17 '23 09:06 RainbowMango