Paths

Table of Contentst

Differential D8808

[CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
ClosedPublic
Actions

Authored by alcipir on Jan 6 2021, 21:38.

Details

Reviewers

bytesofman

Group Reviewers

Restricted Project

Commits

rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities

Summary

This diff fix TerserPlugin package with vulnerability and apply necessary changes due to the new version. Also applies changes to a number of packages to remove vulnerabilities.

Test Plan

On master, run "npm audit", you should see 7 vulnerabilities identified. Upon applying this patch, the total should come down to 2: one from bch-js which will be addressed in their repo since it is a breaking change. The other from babel-plugin-fbt-runtime which needs further investigation, but it is rated as a low vulnerability.

Run "npm install" and "npm start" to check if the app is working properly.

Diff Detail

Repository

rABC Bitcoin ABC

Branch

cashtab-fix-npm-vuln

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 14603
Build 29165: Build Diff
Build 29164: arc lint + arc unit

Event Timeline

alcipir created this revision.Jan 6 2021, 21:38

Herald added a reviewer: Restricted Project. · View Herald TranscriptJan 6 2021, 21:38

alcipir requested review of this revision.Jan 6 2021, 21:38

Harbormaster completed remote builds in B14603: Diff 26694.Jan 6 2021, 21:38

alcipir edited the test plan for this revision. (Show Details)Jan 6 2021, 21:43

Updates package-lock.json

Harbormaster completed remote builds in B14604: Diff 26695.Jan 6 2021, 21:58

Tested with rebuilt dependencies, i.e.

rm -rf node_modules
rm package-lock.json
npm i --legacy-peer-deps
npm start

BCHA and SLPA send work, no errors -- but package-lock.json changed

This revision now requires changes to proceed.Jan 6 2021, 21:59

npm start works with updated lock file

This revision is now accepted and ready to land.Jan 6 2021, 22:01

Closed by commit rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities (authored by alcipir). · Explain WhyJan 6 2021, 22:10

This revision was automatically updated to reflect the committed changes.

alcipir added a commit: rABC6b5d4ab6f2f0: [CashTab] Fix TerserPlugin and other npm packages with vulnerabilities.

Revision Contents
Changeset List

Path

Size

web/

cashtab/

config/

webpack.config.js

3 lines

package-lock.json

299 lines

package.json

9 lines

Diff 26694

View Options

web/cashtab/config/webpack.config.js

View Options

web/cashtab/package-lock.json

View Options

[CashTab] Fix TerserPlugin and other npm packages with vulnerabilitiesClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 26694

web/cashtab/config/webpack.config.js

web/cashtab/package-lock.json

web/cashtab/package.json

[CashTab] Fix TerserPlugin and other npm packages with vulnerabilities
ClosedPublic
Actions

Revision Contents
Changeset List