Commit 8b2ef70

Merge pull request #2413 from flexion/8-10-dep-updates
Dependency Updates Aug 10
2 parents 385c5bb + 8ce9c34 commit 8b2ef70

6 files changed, +539 -531 lines changed


cypress-smoketests/support/pages/trial-sessions.js

+2-2
@@ -55,8 +55,8 @@ exports.createTrialSession = (testData, overrides = {}) => {
5555

5656
cy.get('#chambers-phone-number').type(faker.phone.number());
5757
cy.get('#trial-clerk').select(testData.trialClerk || 'Test trialclerk1');
58-
cy.get('#court-reporter').type(faker.name.findName());
59-
cy.get('#irs-calendar-administrator').type(faker.name.findName());
58+
cy.get('#court-reporter').type(faker.name.fullName());
59+
cy.get('#irs-calendar-administrator').type(faker.name.fullName());
6060
cy.get('#notes').type(faker.company.catchPhrase());
6161

6262
cy.get('#submit-trial-session').click();
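
Review bot: the `findName` to `fullName` rename at new lines 58-59 covers only the `#court-reporter` and `#irs-calendar-administrator` inputs in this file, and nothing visible here shows whether other smoke-test or fixture code still calls `faker.name.findName()`. Since this rides in on a dependency update, search the repo for remaining `findName(` callers and convert them in the same change, so that a later faker upgrade that drops the old name does not break unrelated specs.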

docs/team-process.md

+11-6
@@ -158,9 +158,14 @@ If dependencies have no patch, replace it with an alternative, or wait for the l
158158

159159
Below is a list of dependencies that are locked down due to known issues with security, integration problems within DAWSON, etc. Try to update these items but please be aware of the issue that's documented and ensure it's been resolved.
160160

161-
- `@fortawesome` packages locked down to versions pre-6.x.x to maintain consistency of icon styling until there is usability feedback and research that determines we should change them. This includes packages:
162-
- `@fortawesome/free-solid-svg-icons`
163-
- `@fortawesome/free-regular-svg-icons`
164-
- `@fortawesome/fontawesome-svg-core`
165-
166-
- It'd be good to keep an eye on `s3rver` for when it exceeds 3.7.1. We have a patch in place for called `s3rver+3.7.1.patch` in order to address the high severity issue exposed by `s3rver`'s dependency on `busboy` 0.3.1, which relies on `dicer` that actually has the [security issue](https://github.com/advisories/GHSA-wm7h-9275-46v2). Unfortunately, `busboy` >0.3.1, aka ^1.0.0, is incompatible with s3rver which is why there's a patch in place to make it compatible.
161+
1. `@fortawesome` packages locked down to versions pre-6.x.x to maintain consistency of icon styling until there is usability feedback and research that determines we should change them. This includes packages:
162+
- `@fortawesome/free-solid-svg-icons`
163+
- `@fortawesome/free-regular-svg-icons`
164+
- `@fortawesome/fontawesome-svg-core`
165+
166+
2. Check if there are updates to `s3rver` above version [3.7.1](https://www.npmjs.com/package/s3rver).
167+
- Why is there a patch called `s3rver+3.7.1.patch`?
168+
- To address the high severity issue exposed by `s3rver`'s dependency on `busboy` 0.3.1, which relies on `dicer` that actually has the [security issue](https://github.com/advisories/GHSA-wm7h-9275-46v2). Unfortunately, `busboy` >0.3.1, aka ^1.0.0, is incompatible with s3rver which is why there's a patch in place to make it compatible.
169+
- How does the patch run?
170+
- This runs as part of the `npm postinstall` step.
171+
- Common troubleshooting: If you see the high severity audit issue warning for `dicer`, run a full `npm install` rather than a single package update, as this will run the `postinstall` which is required to run the patch that addresses the security issue.
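
Review bot: in the answer under "How does the patch run?" (new line 170), `npm postinstall` reads like a command, while the troubleshooting bullet on line 171 describes `postinstall` as something triggered by a full `npm install`; say that directly, for example "runs from the `postinstall` script during `npm install`". Because the doc states that `postinstall` is required to apply `s3rver+3.7.1.patch`, it should also mention that any install run with `--ignore-scripts` skips that script and leaves the `dicer` advisory unaddressed, and give a way to confirm the patch took effect (for example, `npm audit` no longer reporting `dicer`).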
