Idea #21037
closed
Upgrade 'react-scripts' package and its descendants to address pending security issues
Description
While working on #21033, some of the security updates on dependencies couldn't be applied (https://dev.arvados.org/issues/21033#note-2) because react-scripts is too old (version 3.4.4) and it should be upgraded to 4.x or 5.x (https://www.npmjs.com/package/react-scripts), but there're incompatibilities that need resolution.
Related issues
Updated by Lucas Di Pentima 7 months ago
- Related to Bug #21033: Upgrade dependencies to address security issues added
Updated by Peter Amstutz 17 days ago
- Target version changed from Future to Development 2024-04-24 sprint
Updated by Peter Amstutz 17 days ago
- Assigned To set to Lisa Knox
- Category changed from Workbench2 to Workbench2
- Project changed from Arvados Workbench 2 to Arvados
Updated by Lisa Knox 8 days ago
developer-run-tests-services-workbench2: #739
21037-upgrade-react-scripts @ 56d19bb479c4b8cc175917d9ba867eba83bb3756
- ✅ All agreed upon points are implemented / addressed.
- Anything not implemented (discovered or discussed during work) has a follow-up story.
n/a - ✅ Code is tested and passing, both automated and manual, what manual testing was done is described
Most of the work was debugging the automated tests, so manual testing was done to compare to the auto-testing - Documentation has been updated.
n/a - Behaves appropriately at the intended scale (describe intended scale).
n/a - ✅ Considered backwards and forwards compatibility issues between client and server.
- ✅ Follows our coding standards and GUI style guidelines.
- react-scripts version is now 4.0.1
Updated by Stephen Smith 8 days ago
This looks good, doesn't look like it required as much fixing as I expected.
Only 1 note: One commit mentions adding .eslintcache to the gitignore but I don't see that addition aside from .eslintcache itself being removed - that might have been accidentally omitted from the commit
Once that's resolved it looks good to merge!