Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: dependabot security fixes #356

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Conversation

lucas-zimerman
Copy link
Collaborator

@lucas-zimerman lucas-zimerman commented Oct 24, 2024

This PR aims to decrease the number of Security issues spotted by Dependabot, most of them do not affect users, only local builds of the SDK.

Fixes:

  • sentry-cordova/security/dependabot/115
  • sentry-cordova/security/dependabot/113
  • sentry-cordova/security/dependabot/112
  • sentry-cordova/security/dependabot/110
  • sentry-cordova/security/dependabot/106
  • sentry-cordova/security/dependabot/52
  • sentry-cordova/security/dependabot/48
  • sentry-cordova/security/dependabot/44
  • sentry-cordova/security/dependabot/41
  • sentry-cordova/security/dependabot/36
  • sentry-cordova/security/dependabot/35
  • sentry-cordova/security/dependabot/33
  • sentry-cordova/security/dependabot/35
  • sentry-cordova/security/dependabot/19
  • sentry-cordova/security/dependabot/14
  • sentry-cordova/security/dependabot/12
  • sentry-cordova/security/dependabot/6
  • sentry-cordova/security/dependabot/4
  • sentry-cordova/security/dependabot/2
  • sentry-cordova/security/dependabot/1

Removed:

  • Removed only packages that weren't in use or that were too old and could be easily replaced by an alternative.

  • codecov package: deprecated in favor of Github action: https://about.codecov.io/blog/codecov-uploader-deprecation-plan/

  • npm-run-all: latest update from the package was 3 years ago, replaced it by simple scripts.

  • rollup packages: replaced by new packages by rollup.

Code change:

  • There were no logic change, only formatting changes implemented by yarn fix script and also additional deprecated warnings to allow the build to pass.

@lucas-zimerman lucas-zimerman marked this pull request as ready for review October 28, 2024 22:23
.eslintrc.js Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
rollup.config.js Outdated Show resolved Hide resolved
.eslintrc.js Outdated Show resolved Hide resolved
Comment on lines +36 to +39
"@rollup/plugin-commonjs": "^28.0.1",
"@rollup/plugin-node-resolve": "^15.3.0",
"@rollup/plugin-terser": "^0.4.4",
"@rollup/plugin-typescript": "^12.1.1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we upgraded the build tooling, is the built shipped JS still the same or where there any changes introduced?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a diff check and no break changes were introduced, the only changes were just the ones made on the PR in regard to code formatting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants