Updating yarn packages

Updates everything to the latest, and resolves GHSA-h9rv-jmmf-4pgx related to XSS vulnerabilities with serialize-javascript. Adds --frozen-lockfile option to the Dockerfile so that deploys will fail if yarn updates are needed.
psu-libraries · Jan 23, 2020 · 1fa1241 · 1fa1241
1 parent 5368e5d
commit 1fa1241
Show file tree

Hide file tree

Showing 3 changed files with 1,488 additions and 1,303 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -35,7 +35,7 @@ RUN gem install bundler:2.0.2
 RUN bundle install --path vendor/bundle
 
 COPY package.json yarn.lock /app/
-RUN yarn
+RUN yarn --frozen-lockfile
 
 COPY --chown=app . /app
 

diff --git a/package.json b/package.json
@@ -2,31 +2,31 @@
   "name": "scholarsphere",
   "private": true,
   "dependencies": {
-    "@rails/actioncable": "^6.0.0-alpha",
-    "@rails/activestorage": "^6.0.0-alpha",
-    "@rails/ujs": "^6.0.0-alpha",
-    "@rails/webpacker": "^4.0.7",
-    "@uppy/aws-s3-multipart": "^1.3.4",
-    "@uppy/core": "^1.4.0",
-    "@uppy/dashboard": "^1.3.0",
-    "@uppy/xhr-upload": "^1.3.0",
-    "blacklight-frontend": "^7.2.0",
-    "caniuse-lite": "^1.0.30000999",
-    "popper.js": "^1.15.0",
+    "@rails/actioncable": "^6.0.2-1",
+    "@rails/activestorage": "^6.0.2-1",
+    "@rails/ujs": "^6.0.2-1",
+    "@rails/webpacker": "^4.2.2",
+    "@uppy/aws-s3-multipart": "^1.4.0",
+    "@uppy/core": "^1.7.1",
+    "@uppy/dashboard": "^1.5.2",
+    "@uppy/xhr-upload": "^1.4.2",
+    "blacklight-frontend": "^7.5.0",
+    "caniuse-lite": "^1.0.30001022",
+    "popper.js": "^1.16.1",
     "stimulus": "^1.1.1",
     "twitter-typeahead-rails": "https://github.com/yourabi/twitter-typeahead-rails.git#v0.11.1.pre.corejavascript"
   },
   "version": "0.1.0",
   "devDependencies": {
     "babel-eslint": "^10.0.3",
-    "eslint": "^6.6.0",
+    "eslint": "^6.8.0",
     "eslint-config-standard": "^14.1.0",
-    "eslint-loader": "^3.0.2",
-    "eslint-plugin-import": "^2.18.2",
-    "eslint-plugin-node": "^10.0.0",
+    "eslint-loader": "^3.0.3",
+    "eslint-plugin-import": "^2.20.0",
+    "eslint-plugin-node": "^11.0.0",
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^4.0.1",
-    "webpack-dev-server": "^3.8.2"
+    "webpack-dev-server": "^3.10.1"
   },
   "scripts": {
     "lint": "yarn run eslint --ext .js app/javascript"