Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

repo: perform yarn upgrade #12990

Merged
merged 1 commit into from
Nov 28, 2023
Merged

repo: perform yarn upgrade #12990

merged 1 commit into from
Nov 28, 2023

Conversation

vince-fugnitto
Copy link
Member

What it does

The pull-request performs a yarn upgrade of the framework to better represent what downstream applications pull with our version ranges, and to resolve known security vulnerabilities which were pulled by our lockfile. The changes also make sure that our declared ranges for dependencies are correct and fixes any compilation errors.

How to test

  • confirm that CI successfully passes
  • confirm that yarn audit does not output vulnerabilities

Follow-ups

Review checklist

Reminder for reviewers

@vince-fugnitto vince-fugnitto added quality issues related to code and application quality security issues related to security dependencies pull requests that update a dependency file labels Oct 10, 2023
@vince-fugnitto vince-fugnitto self-assigned this Oct 10, 2023
@vince-fugnitto
Copy link
Member Author

The 3PP License Check will take time to approve as there are many updated dependencies in our lockfile.

@vince-fugnitto
Copy link
Member Author

The 3PP licenses are finally approved and CI is passing if anyone is interested in performing a review :)

msujew
msujew approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@msujew msujew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Vince, looks good to me 👍

@vince-fugnitto
repo: perform yarn upgrade
823a5ea 
The commit performs a `yarn upgrade` of the framework to better
represent what downstream applications pull with our version ranges, and
to resolve known security vulnerabilities which were pulled by our
lockfile. The changes also make sure that our declared ranges for
dependencies are correct and fixes any compilation errors.

Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
@vince-fugnitto vince-fugnitto merged commit 5f7c5c1 into master Nov 28, 2023
14 checks passed
@vince-fugnitto vince-fugnitto deleted the vf/yarn-upgrade-10-23 branch November 28, 2023 16:04
@github-actions github-actions bot added this to the 1.44.0 milestone Nov 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msujew msujew msujew approved these changes

Assignees

@vince-fugnitto vince-fugnitto

Labels
dependencies pull requests that update a dependency file quality issues related to code and application quality security issues related to security
Projects
PR Backlog
Archived in project
Milestone
1.44.0
Development

Successfully merging this pull request may close these issues.
2 participants
@vince-fugnitto @msujew