
[CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
Closed, Public

Authored by alcipir on Jan 6 2021, 21:38.

Details

Summary

This diff fixes the TerserPlugin package with a vulnerability and applies the necessary changes due to the new version. It also applies changes to a number of packages to remove vulnerabilities.

Test Plan

On master, run "npm audit"; you should see 7 vulnerabilities identified. Upon applying this patch, the total should come down to 2: one from bch-js, which will be addressed in their repo since it is a breaking change. The other is from babel-plugin-fbt-runtime, which needs further investigation, but it is rated as a low vulnerability.

Run "npm install" and "npm start" to check if the app is working properly.
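
One way to automate the audit check from the test plan, as an added example that is not part of this revision or of the CashTab code base. It assumes the npm 7 `npm audit --json` report format (auditReportVersion 2); `ACCEPTED`, `SAMPLE`, `isAccepted` and `reviewAudit` are hypothetical names, and the sample report is constructed.

```javascript
// Added example (not CashTab code): gate on `npm audit --json` output in the
// npm 7 report format (auditReportVersion 2).

// Findings the test plan tolerates for now; package names come from the page.
const ACCEPTED = new Set(['bch-js', 'babel-plugin-fbt-runtime']);

// True when every advisory behind `name` traces back to an accepted package.
// In `via`, a string names another vulnerable package in the dependency chain;
// an object is an advisory filed against this package itself.
function isAccepted(name, vulns, accepted, path = new Set()) {
  if (accepted.has(name)) return true;
  if (path.has(name) || !vulns[name]) return false; // cycle or unknown entry
  const next = new Set(path).add(name);
  const via = vulns[name].via || [];
  return via.length > 0 && via.every(
    (cause) => typeof cause === 'string' && isAccepted(cause, vulns, accepted, next)
  );
}

// Summarise a parsed report: total count plus every entry not explained by
// the accepted list. `pass` is what a CI step would turn into an exit code.
function reviewAudit(report, accepted = ACCEPTED) {
  const vulns = report.vulnerabilities || {};
  const unexpected = Object.keys(vulns)
    .filter((name) => !isAccepted(name, vulns, accepted))
    .map((name) => ({ name, severity: vulns[name].severity }));
  const total = report.metadata.vulnerabilities.total;
  return { total, unexpected, pass: unexpected.length === 0 };
}

// Constructed sample report, trimmed to the fields used here. The "example-*"
// packages, advisory titles and severities are made up, except "low" for
// babel-plugin-fbt-runtime, which is the rating given in the test plan.
const advisory = { title: 'constructed advisory' };
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    'bch-js': { severity: 'moderate', via: [advisory] },
    'babel-plugin-fbt-runtime': { severity: 'low', via: [advisory] },
    'example-wrapper': { severity: 'moderate', via: ['bch-js'] },
    'example-minifier': { severity: 'high', via: [advisory] },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 2, high: 1, critical: 0, total: 4 } },
};

console.log(reviewAudit(SAMPLE));
```

To use it on a real tree, pass `reviewAudit` the parsed output of `npm audit --json` and fail the build when `pass` is false.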

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

alcipir requested review of this revision. Jan 6 2021, 21:38

Updates package-lock.json

bytesofman requested changes to this revision. Jan 6 2021, 21:59
bytesofman added a subscriber: bytesofman.

Tested with rebuilt dependencies, i.e.

rm -rf node_modules
rm package-lock.json
npm i --legacy-peer-deps
npm start

BCHA and SLPA send work, no errors -- but package-lock.json changed

This revision now requires changes to proceed. Jan 6 2021, 21:59

npm start works with updated lock file

This revision is now accepted and ready to land. Jan 6 2021, 22:01