Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to Address Security Vulnerabilities and Framework Enhancements #160

Merged
merged 8 commits into from
Nov 6, 2024
Merged

Update to Address Security Vulnerabilities and Framework Enhancements #160

merged 8 commits into from
Nov 6, 2024

Conversation

dr-bizz
Copy link
Contributor

@dr-bizz dr-bizz commented Nov 1, 2024
edited
Loading

Description

This PR addresses multiple security issues flagged by npm and Dependabot, involving major version upgrades and code adjustments.

Major Fixes

  • Angular: Upgraded from v13 to v17 to maintain security and compatibility.
  • TypeScript: Updated from v4 to v5.2.2 to align with Angular 17 requirements.
  • core-js: Migrated from v2 to v3, updating all references to use modern es modules instead of deprecated es6 paths.

Key Adjustments:

Polyfills: Updated polyfills.ts to support core-js@3 with es module imports, ensuring compatibility with newer Angular configurations.
Testing Enhancements: Resolved issues in test.ts related to outdated configurations, enabling Karma to find all test files without manual imports.
Command Optimization: Added --watch=false to ng test due to recurring errors in watch mode. Other users also had this error, I followed their instructions to update packages, but after that didn't work, I ended up with this fix.
IE11 Support Removal: Removed support for Internet Explorer 11, as it is deprecated and unsupported by core-js@3.

Minor Changes:

Updated Angular.json Properties: Refactored to use updated Angular properties for improved build configurations.
TypeScript Target: Set target to ES2022 for enhanced compatibility with modern JavaScript standards.

@dr-bizz dr-bizz changed the title Security patches Security Patches Nov 1, 2024
@dr-bizz dr-bizz changed the title Security Patches Fix Security Vulnerabilities Nov 1, 2024
@dr-bizz dr-bizz changed the title Fix Security Vulnerabilities Update to Address Security Vulnerabilities and Framework Enhancements Nov 1, 2024
@dr-bizz
Copy link
Contributor Author

dr-bizz commented Nov 1, 2024

Look like I need to update the node version to node 18

@dr-bizz dr-bizz added the On Staging Will be merged to the staging branch by Github Actions label Nov 4, 2024
@stage-branch-merger Stage Branch Merger
Copy link
Contributor

I see you added the "On Staging" label, I'll get this merged to the staging branch!

@stage-branch-merger Stage Branch Merger
Copy link
Contributor

Merge conflict attempting to merge this into staging. Please fix manually.

@dr-bizz dr-bizz requested a review from caleballdrin November 4, 2024 14:15
@dr-bizz
Copy link
Contributor Author

dr-bizz commented Nov 4, 2024
edited
Loading

@caleballdrin I have assigned this to you as you have worked on this before, but just let me know if I also need to get Caleb Cox or Daniel Frett.

@stage-branch-merger Stage Branch Merger
Copy link
Contributor

Merge conflict attempting to merge this into staging. Please fix manually.

@dr-bizz dr-bizz requested a review from frett November 4, 2024 15:46
frett
frett reviewed Nov 4, 2024
View reviewed changes
.github/workflows/node.js.yml Outdated Show resolved Hide resolved
@frett
Copy link
Contributor

frett commented Nov 4, 2024

@dr-bizz any reason that there is both a package-lock.json and yarn.lock file? I'd assume we probably only want to use one package manager and not both.

But my js knowledge is limited, so there very well could be a good reason I don't know

@dr-bizz
Copy link
Contributor Author

dr-bizz commented Nov 4, 2024

@dr-bizz any reason that there is both a package-lock.json and yarn.lock file? I'd assume we probably only want to use one package manager and not both.

But my js knowledge is limited, so there very well could be a good reason I don't know

We can remove the yarn.lock, I added that by mistake.

@frett
Copy link
Contributor

frett commented Nov 4, 2024

@dr-bizz I think it was the other way, we had yarn.lock before and the package-lock.json is the new one :)

@dr-bizz
Copy link
Contributor Author

dr-bizz commented Nov 4, 2024

Sorry, I just saw that.

@dr-bizz
Updating from angular 13 to 17 to fix certain security patches.
848c664
@dr-bizz
Updating polyfills as we have updated core-js and now can use "es"
25c4a82
@dr-bizz
"relativeLinkResolution" is no longer a property and we aren't in nee…
5bb0712 
…d of it. It pretty much tells the router a different way to find pages when the route is "../slibing". Removing it makes it work as expected. Plus we don't have any routes where we use ../ in the route name.
@dr-bizz
Ran "npm audit fix --force" to update packages that have vulnerabilities
454e074
@dr-bizz
removing IE11 fom being supported as it is no longer a supported brow…
4dddf45 
…ser.

Updating angular.json and TS settings to new work with the Angular 17 and the TS 5.2.2.
@dr-bizz
Updating eslint and tests to ensure they work with updated angular an…
f9ffda1 
…d TS.
@dr-bizz
upgrading node on GitHub Actions
8076742
@dr-bizz
remove package-lock.json
9e563db
@dr-bizz dr-bizz merged commit 5ec6997 into master Nov 6, 2024
4 checks passed
@dr-bizz dr-bizz deleted the security-patches branch November 6, 2024 15:56
@dr-bizz dr-bizz mentioned this pull request Nov 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frett frett frett left review comments

@caleballdrin caleballdrin caleballdrin approved these changes

Assignees
No one assigned
Labels
On Staging Will be merged to the staging branch by Github Actions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dr-bizz @frett @caleballdrin