[CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
ClosedPublic

Authored by alcipir on Wed, Jan 6, 21:38.

Details

Summary

This diff fixes the TerserPlugin package with a vulnerability and applies the necessary changes due to the new version. It also applies changes to a number of packages to remove vulnerabilities.

Test Plan

On master, run "npm audit"; you should see 7 vulnerabilities identified. Upon applying this patch, the total should come down to 2: one from bch-js, which will be addressed in their repo since it is a breaking change, and the other from babel-plugin-fbt-runtime, which needs further investigation but is rated as a low vulnerability.

Run "npm install" and "npm start" to check if the app is working properly.
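The audit check in the test plan can be made repeatable by comparing the `npm audit --json` report against the two accepted residual packages. This is an added example, not part of the original revision or the Bitcoin ABC code base; the function names, the severity ceiling for bch-js, and the sample reports are assumptions.

```javascript
// Severity order used by npm audit, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Residual findings the test plan accepts. The 'low' ceiling comes from the
// page; the ceiling for bch-js is an assumption (the page gives no rating).
const ACCEPTED = { 'bch-js': 'high', 'babel-plugin-fbt-runtime': 'low' };

// Normalise `npm audit --json` output to [{ name, severity }].
// npm 7+ keys findings by package name under `vulnerabilities`;
// npm 6 keys them by advisory id under `advisories`, with `module_name`.
function findings(report) {
  if (report.vulnerabilities) {
    return Object.entries(report.vulnerabilities)
      .map(([name, v]) => ({ name, severity: v.severity }));
  }
  return Object.values(report.advisories || {})
    .map((a) => ({ name: a.module_name, severity: a.severity }));
}

// Return findings that are not accepted, or that exceed their accepted ceiling.
function unexpected(report, accepted = ACCEPTED) {
  return findings(report).filter(({ name, severity }) => {
    const ceiling = accepted[name];
    if (ceiling === undefined) return true;
    const rank = LEVELS.indexOf(severity);
    // Unknown severity strings are treated as failures (fail closed).
    return rank === -1 || rank > LEVELS.indexOf(ceiling);
  });
}

// Constructed sample reports (not real audit output from this repository).
const PATCHED_NPM7 = { auditReportVersion: 2, vulnerabilities: {
  'bch-js': { name: 'bch-js', severity: 'moderate' },
  'babel-plugin-fbt-runtime': { name: 'babel-plugin-fbt-runtime', severity: 'low' },
} };
const REGRESSED_NPM6 = { advisories: {
  1001: { module_name: 'babel-plugin-fbt-runtime', severity: 'high' },
  1002: { module_name: 'example-transitive-dep', severity: 'moderate' },
} };

for (const [label, report] of Object.entries({ PATCHED_NPM7, REGRESSED_NPM6 })) {
  const bad = unexpected(report);
  console.log(label, bad.length === 0 ? 'OK' : 'FAIL', JSON.stringify(bad));
}
```

To use it on a real tree, pass `unexpected()` the parsed output of `npm audit --json` and fail the build when the returned list is not empty.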

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

alcipir requested review of this revision. Wed, Jan 6, 21:38

Updates package-lock.json

josephroyking added a subscriber: josephroyking.

Tested with rebuilt dependencies, i.e.

rm -rf node_modules
rm package-lock.json
npm i --legacy-peer-deps
npm start

BCHA and SLPA send work, no errors -- but package-lock.json changed

This revision now requires changes to proceed. Wed, Jan 6, 21:59

npm start works with updated lock file

This revision is now accepted and ready to land. Wed, Jan 6, 22:01