Upgrade traceviewer* packages to v0.2.6, that include upgraded ag-grid #262
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marcdumais-work
force-pushed
the
ag-grid
branch
2 times, most recently
from
00dda6b
to
a565ccc
Compare
marcdumais-work
changed the title
marcdumais-work
force-pushed
the
ag-grid
branch
from
a565ccc
to
5332329
Compare
marcdumais-work
force-pushed
the
ag-grid
branch
2 times, most recently
from
bdc44f0
to
0998474
Compare
marcdumais-work
changed the title
The new packages contain the upgraded ag-grid packages, that removes several high-level vulnerabilities. Also, in this repo here, we now only need the ag-grid styles package, "@ag-grid-community/styles" - the rest of ag-grid being obtained from traceviewer-react-components. Note that ag-grid now distributes themes containing both dark and light in the same .css file. Signed-off-by: Marc Dumais <[email protected]>
marcdumais-work
force-pushed
the
ag-grid
branch
from
0998474
to
9ae9423
Compare
marcdumais-work
changed the title
marcdumais-work
force-pushed
the
ag-grid
branch
5 times, most recently
from
b3b65b4
to
6d5537b
Compare
Following the adoption of much more recent ag-grid packages. This permits any recursive dependencies of the old version to be updated. The yarn upgrade also made it necessary to adjust the @vscode/vsce version we request, and as well the one we get through ovsx, so that we end-up using a slightly older version of @vscode/vsce. More recent versions would require some modifications in the way we package and also include a binary under a proprietary license, that's so far not approved for use in this project. Finally, following the yarn upgrade, we pull a new version of a dependency, that fails the license check. We've opened an IP ticket for it, but that has not yet been approved. On the face of it, the dependency looks license-compatible with the project, so we've added it to be temporarily excluded from the license check. --- Doing the yarn upgrade, we went from 5 to 2 known vulnerabilities, as per "yarn audit": Before: 5 vulnerabilities found - Packages audited: 926 Severity: 5 Moderate After: 2 vulnerabilities found - Packages audited: 981 Severity: 2 Moderate Signed-off-by: Marc Dumais <[email protected]>
marcdumais-work
force-pushed
the
ag-grid
branch
from
6d5537b
to
7bf5e80
Compare
Merged
bhufmann
approved these changes
Aug 28, 2024
|
Thanks for the review! |
|
Note: the dependency [1] that we added to the license-check ignore list in this PR, while it's being reviewed by the Eclipse Foundation IP team, is one used only for tests and not at runtime; i.e. it;s not distributed as part of the extension built from the code in this repository. So, I think we can safely go ahead and publish the extension without waiting for the IP review to be concluded, without fear that the dependency might end-up being deemed license-incompatible. [1]: |
marcdumais-work
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The new traceviewer packages contain the upgraded ag-grid packages, that removes several high-level vulnerabilities.
Also, in this repo here, we now only need the ag-grid styles package, "@ag-grid-community/styles" - the rest of ag-grid being obtained from
traceviewer-react-components. Note thatag-gridnow distributes themes containing both dark and light in the same .css file.Performed a
yarn upgrade: we went from 5 to 2 known vulnerabilities, as per "yarn audit":Before:
5 vulnerabilities found - Packages audited: 926
Severity: 5 Moderate
After:
2 vulnerabilities found - Packages audited: 981
Severity: 2 Moderate