fix: update dependencies with security vulnerabilities (#47)

* Update dependencies on redux and react-redux to remove dependency in insecure version of lodash-es * Update lerna and dependencies to remove dependency on insecure version of lodash.template * Filter out redux internal actions for setting page title in tests
respond-framework · Jul 15, 2019 · 3c18480 · 3c18480
1 parent d0d0fa6
commit 3c18480
Show file tree

Hide file tree

Showing 25 changed files with 616 additions and 558 deletions.
diff --git a/package.json b/package.json
@@ -58,17 +58,17 @@
     "jest": "^24.8.0",
     "jest-cli": "^24.8.0",
     "jest-localstorage-mock": "^2.4.0",
-    "lerna": "^3.14.1",
+    "lerna": "^3.15.0",
     "lint-staged": "^7.2.0",
     "npm-publish-git": "git://github.com/hedgepigdaniel/npm-publish-git.git",
     "prettier": "^1.14.2",
     "prop-types": "^15.6.2",
     "react": "^16.8.0",
     "react-dom": "^16.8.0",
     "react-hot-loader": "^4.8.8",
-    "react-redux": "^7.0.3",
+    "react-redux": "^7.1.0",
     "react-test-renderer": "^16.1.1",
-    "redux": "^3.6.0",
+    "redux": "^4.0.4",
     "redux-thunk": "^2.2.0",
     "rimraf": "^2.6.1",
     "source-map-loader": "^0.2.4",

diff --git a/packages/boilerplate/package.json b/packages/boilerplate/package.json
@@ -28,9 +28,9 @@
     "react": "^16.8.0",
     "react-dom": "^16.8.0",
     "react-hot-loader": "^4.8.8",
-    "react-redux": "^7.0.3",
+    "react-redux": "^7.1.0",
     "react-universal-component": "^3.0.3",
-    "redux": "^3.7.2",
+    "redux": "^4.0.4",
     "redux-devtools-extension": "^2.13.5",
     "serve-favicon": "^2.4.5",
     "source-map-support": "^0.5.6",

diff --git a/packages/integration-tests/__helpers__/createTest.js b/packages/integration-tests/__helpers__/createTest.js
@@ -228,10 +228,14 @@ export const setupStore = (routesMap, initialPath, opts) => {
   const middlewareFunc = options.middlewareFunc
   delete options.middlewareFunc
 
-  const title = (state, action = {}) =>
-    action.payload !== undefined
+  const title = (state, action = {}) => {
+    if (action.type.indexOf('@@redux') === 0) {
+      return state || '<initial_title>'
+    }
+    return action.payload !== undefined
       ? `${action.type} - ${JSON.stringify(action.payload)}`
       : action.type
+  }
 
   const {
     middleware,

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/SPA.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/SPA.js.snap
@@ -66,7 +66,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/arrayCallback.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/arrayCallback.js.snap
@@ -62,7 +62,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -200,7 +200,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/dontDoubleDispatch.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/dontDoubleDispatch.js.snap
@@ -203,7 +203,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/formatRoutes.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/formatRoutes.js.snap
@@ -151,7 +151,7 @@ Object {
     "universal": false,
     "url": "/missed",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -291,7 +291,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -572,7 +572,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/hydrate.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/hydrate.js.snap
@@ -74,7 +74,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/inheritedCallbacks.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/inheritedCallbacks.js.snap
@@ -74,7 +74,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -268,7 +268,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -464,7 +464,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/redirects.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/redirects.js.snap
@@ -66,7 +66,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -333,7 +333,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/returnFalse.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/returnFalse.js.snap
@@ -949,7 +949,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -1297,7 +1297,7 @@ Object {
     "universal": false,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/serverRedirect.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/serverRedirect.js.snap
@@ -66,7 +66,7 @@ Object {
     "universal": true,
     "url": "/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/packages/integration-tests/__tests__/integration/__snapshots__/uninheritedHistory.js.snap b/packages/integration-tests/__tests__/integration/__snapshots__/uninheritedHistory.js.snap
@@ -218,7 +218,7 @@ Object {
     "universal": false,
     "url": "/",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 

diff --git a/...ages/integration-tests/__tests__/integration/actions/__snapshots__/changeBasename.js.snap b/...ages/integration-tests/__tests__/integration/actions/__snapshots__/changeBasename.js.snap
@@ -149,7 +149,7 @@ Object {
     "universal": false,
     "url": "/bar/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -426,7 +426,7 @@ Object {
     "universal": false,
     "url": "/foo/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -770,7 +770,7 @@ Object {
     "universal": false,
     "url": "/foo/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -1205,7 +1205,7 @@ Object {
     "universal": false,
     "url": "/foo/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -1640,7 +1640,7 @@ Object {
     "universal": false,
     "url": "/foo/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;
 
@@ -1917,7 +1917,7 @@ Object {
     "universal": false,
     "url": "/bar/first",
   },
-  "title": "@@redux/INIT",
+  "title": "<initial_title>",
 }
 `;