quill marking logic security upgrades #8625
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WHAT
Security upgrades for quill-marking-logic.
WHY
We want to start the new year with all of our high-priority security issues fixed.
HOW
Just upgrade packages/remove entirely where possible and test. The only one I didn't address was
webpack
, which is actually only used for testing anyway - in order to keep the tests passing I would have had to upgradekarma-webpack
to version 5.0.0, which is having issues onMacOS
at the moment. The fix for these issues is already inmaster
on their Github repository, so they should be coming out with 5.0.1 any day now and then we can upgrade: codymikol/karma-webpack#518.Screenshots
(If applicable. Also, please censor any sensitive data)
Notion Card Links
https://www.notion.so/quill/Marking-Logic-High-Security-Package-Updates-5e0f19c365554bfe8a8b39dc7272098a