Page MenuHomePhabricator
Differential D8808

[CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
ClosedPublic
Actions

Authored by alcipir on Jan 6 2021, 21:38.

Details

Reviewers
bytesofman
Group Reviewers
Restricted Project
Commits
rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
Summary

This diff fix TerserPlugin package with vulnerability and apply necessary changes due to the new version. Also applies changes to a number of packages to remove vulnerabilities.

Test Plan

On master, run "npm audit", you should see 7 vulnerabilities identified. Upon applying this patch, the total should come down to 2: one from bch-js which will be addressed in their repo since it is a breaking change. The other from babel-plugin-fbt-runtime which needs further investigation, but it is rated as a low vulnerability.

Run "npm install" and "npm start" to check if the app is working properly.

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

alcipir created this revision.Jan 6 2021, 21:38
Herald added a reviewer: Restricted Project. · View Herald TranscriptJan 6 2021, 21:38
alcipir requested review of this revision.Jan 6 2021, 21:38
Harbormaster completed remote builds in B14603: Diff 26694.Jan 6 2021, 21:38
alcipir edited the test plan for this revision. (Show Details)Jan 6 2021, 21:43
alcipir updated this revision to Diff 26695.Jan 6 2021, 21:58

Updates package-lock.json

Harbormaster completed remote builds in B14604: Diff 26695.Jan 6 2021, 21:58
bytesofman requested changes to this revision.Jan 6 2021, 21:59
bytesofman added a subscriber: bytesofman.

Tested with rebuilt dependencies, i.e.

rm -rf node_modules
rm package-lock.json
npm i --legacy-peer-deps
npm start

BCHA and SLPA send work, no errors -- but package-lock.json changed

This revision now requires changes to proceed.Jan 6 2021, 21:59
bytesofman accepted this revision.Jan 6 2021, 22:01

npm start works with updated lock file

This revision is now accepted and ready to land.Jan 6 2021, 22:01
Closed by commit rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities (authored by alcipir). · Explain WhyJan 6 2021, 22:10
This revision was automatically updated to reflect the committed changes.
alcipir added a commit: rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities.

Revision Contents
Changeset List

PathSize
web/
cashtab/
config/
3 lines
5475 lines
9 lines

Diff 26696

View Options

web/cashtab/config/webpack.config.js

Loading...
View Options

web/cashtab/package-lock.json

Loading...
View Options

web/cashtab/package.json

Loading...