Bump dependencies to resolve vulnerabilities #1164

rhystmills · 2024-06-11T15:09:51Z

What does this change?

This bumps some dependencies in order to reduce the number of high priority vulnerabilities reported by Snyk.

It reduces the number of Scala vulnerabilities from 6 to 2. Of the remaining two:

One is present in the latest release of Play, so we can't solve it for now.
One is present in the latest version of panda so we'll need to sort it there first. More details are available in Snyk.

The JS changes don't solve the vulnerabilities, but they do bring ts-loader to its latest version (where the vuln is still present).

Deploy to CODE and see if everything appears to be working normally.

Georges-GNM

Checked this on code, had a bit of a look/click around, looked ok to me 👍

prout-bot · 2024-06-14T10:11:17Z

Seen on PROD (merged by @rhystmills 6 minutes and 25 seconds ago) Please check your changes!

rhystmills added 5 commits June 11, 2024 16:04

Bump dependencies to resolve vulnerabilities

ccd0c62

Bump vulnerable scala dependencies

bf86b9d

Also bump logback

104ad35

Also bump aws

761b6f7

Bump fork-ts-checker-webpack-plugin

5913254

rhystmills marked this pull request as ready for review June 12, 2024 15:43

rhystmills requested a review from a team as a code owner June 12, 2024 15:43

Georges-GNM approved these changes Jun 12, 2024

View reviewed changes

rhystmills merged commit 71f7e7c into main Jun 14, 2024
1 of 2 checks passed

rhystmills deleted the rm/bump-dependencies branch June 14, 2024 10:04

prout-bot added Pending-on-PROD Seen-on-PROD and removed Pending-on-PROD labels Jun 14, 2024