Upgrade traceviewer* packages to v0.2.6, that include upgraded ag-grid #262
The new packages contain the upgraded ag-grid packages, that removes several high-level vulnerabilities.

Also, in this repo here, we now only need the ag-grid styles package, "@ag-grid-community/styles" - the rest of ag-grid being obtained from traceviewer-react-components. Note that ag-grid now distributes themes containing both dark and light in the same .css file.

Signed-off-by: Marc Dumais <[email protected]>
Following the adoption of much more recent ag-grid packages. This permits any recursive dependencies of the old version to be updated.

The yarn upgrade also made it necessary to adjust the @vscode/vsce version we request, as well as the one we get through ovsx, so that we end up using a slightly older version of @vscode/vsce. More recent versions would require some modifications in the way we package and also include a binary under a proprietary license, that's so far not approved for use in this project.

Finally, following the yarn upgrade, we pull a new version of a dependency that fails the license check. We've opened an IP ticket for it, but that has not yet been approved. On the face of it, the dependency looks license-compatible with the project, so we've added it to be temporarily excluded from the license check.

---

Doing the yarn upgrade, we went from 5 to 2 known vulnerabilities, as per "yarn audit":

Before:
5 vulnerabilities found - Packages audited: 926
Severity: 5 Moderate

After:
2 vulnerabilities found - Packages audited: 981
Severity: 2 Moderate

Signed-off-by: Marc Dumais <[email protected]>
Looks good to me. Tested by opening some traces and events table. Tests included switching to dark theme since this PR includes css changes. Thanks for the upgrade.
Thanks for the review!

Note: the dependency [1] that we added to the license-check ignore list in this PR, while it's being reviewed by the Eclipse Foundation IP team, is one used only for tests and not at runtime; i.e. it's not distributed as part of the extension built from the code in this repository. So, I think we can safely go ahead and publish the extension without waiting for the IP review to be concluded, without fear that the dependency might end up being deemed license-incompatible.

[1]:
The new traceviewer packages contain the upgraded ag-grid packages, that removes several high-level vulnerabilities.

Also, in this repo here, we now only need the ag-grid styles package, "@ag-grid-community/styles" - the rest of ag-grid being obtained from traceviewer-react-components. Note that ag-grid now distributes themes containing both dark and light in the same .css file.

Performed a yarn upgrade: we went from 5 to 2 known vulnerabilities, as per "yarn audit":

Before:
5 vulnerabilities found - Packages audited: 926
Severity: 5 Moderate

After:
2 vulnerabilities found - Packages audited: 981
Severity: 2 Moderate
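
The totals above count findings, not advisories, and the audited package count also rose from 926 to 981, so comparing advisory ids before and after shows whether a remaining finding is an old one or one newly pulled in by the upgrade. The following is an added example, not code from this PR or project; it assumes Yarn 1.x `yarn audit --json` line-delimited output, and the sample records, package names and advisory ids are constructed placeholders.

```javascript
// Constructed sample data shaped like Yarn 1.x `yarn audit --json` output
// (one JSON object per line). Package names and advisory ids are placeholders.
const adv = (id, module_name, path) => JSON.stringify({
  type: "auditAdvisory",
  data: { resolution: { id, path }, advisory: { id, module_name, severity: "moderate" } },
});
const sum = (moderate, totalDependencies) => JSON.stringify({
  type: "auditSummary",
  data: { vulnerabilities: { low: 0, moderate, high: 0, critical: 0 }, totalDependencies },
});
const BEFORE = [adv(1001, "pkg-a", "dep-x>pkg-a"), adv(1001, "pkg-a", "dep-y>pkg-a"),
  adv(1002, "pkg-b", "dep-x>pkg-b"), adv(1002, "pkg-b", "dep-z>pkg-b"),
  adv(1003, "pkg-c", "dep-t>pkg-c"), sum(5, 926)].join("\n");
const AFTER = [adv(1003, "pkg-c", "dep-t>pkg-c"), adv(1004, "pkg-d", "dep-new>pkg-d"),
  sum(2, 981)].join("\n");

// Group findings by advisory id; the summary counts one finding per path.
function parseAudit(ndjson) {
  const advisories = new Map(); // id -> { module, severity, paths }
  let summary = null;
  for (const line of ndjson.split("\n")) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip blank or non-JSON lines
    if (rec.type === "auditSummary") summary = rec.data;
    if (rec.type !== "auditAdvisory") continue;
    const { advisory: a, resolution: r } = rec.data;
    if (!advisories.has(a.id)) {
      advisories.set(a.id, { module: a.module_name, severity: a.severity, paths: new Set() });
    }
    advisories.get(a.id).paths.add(r.path);
  }
  return { advisories, summary };
}

// Classify advisories as fixed, remaining or newly introduced by the upgrade.
function diffAudits(beforeText, afterText) {
  const before = parseAudit(beforeText);
  const after = parseAudit(afterText);
  const label = (run) => (id) => `${id}:${run.advisories.get(id).module}`;
  const beforeIds = [...before.advisories.keys()];
  const afterIds = [...after.advisories.keys()];
  return {
    fixed: beforeIds.filter((id) => !after.advisories.has(id)).map(label(before)),
    remaining: afterIds.filter((id) => before.advisories.has(id)).map(label(after)),
    introduced: afterIds.filter((id) => !before.advisories.has(id)).map(label(after)),
    findings: [before, after].map((r) => (r.summary ? r.summary.vulnerabilities.moderate : null)),
  };
}

console.log(diffAudits(BEFORE, AFTER));
```

In this constructed data the count drops from 5 to 2 even though one of the two remaining findings did not exist before the upgrade, which is the case a bare total cannot distinguish.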