Problem/Motivation

The node packages used to build the module's JavaScript haven't been updated in as many as six years. Running npm audit lights up the screen like fireworks with vulnerability warnings.

Steps to reproduce

cd js
npm i
npm audit

Proposed resolution

  • Remove unused packages.
  • Replace outdated packages.
  • Update all remaining dependencies.

Issue fork permissions_by_term-3425955

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

marcoliver created an issue. See original summary.

marcoliver opened merge request !43

marcoliver’s picture

marcoliver
he/him
Primary language German
Location Neuss, NRW, Germany
commented
Status: Active » Needs review
fathima.asmat’s picture

fathima.asmat commented

@marcoliver, the PR looks good but just a query. is there any reason why we didn't upgrade @babel/core to 7.24.0 but instead 7.23.9. 7.24.0 was released 7 days ago and I think the first commit on the PR was made before then?

marcoliver’s picture

marcoliver
he/him
Primary language German
Location Neuss, NRW, Germany
commented

@fathima.asmat Good catch, thanks! No particular reason, I just didn't see that there was an update available.

I bumped the versions once more. The JS tests are now run in the pipeline as well.

  • marcoliver committed aa6947ee on 3.1.x-dev 
    Issue #3425955 by marcoliver, fathima.asmat, José Trindade: Update...

marcoliver credited José Trindade.

marcoliver’s picture

marcoliver
he/him
Primary language German
Location Neuss, NRW, Germany
commented
Status: Needs review » Fixed

Thanks for testing, and thanks for José Trindade to raising this issue! Merged. Will tag a new release shortly.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.