[E.cash] - Updated Lodash Dependency to Fix Vulnerability#1947
Conversation
|
Testing on all platforms now. So far web & mobile web are clear |
|
All 5 platforms seem stable. I tried to hit all the pages that were using lodash. |
Luke9389
changed the title
|
Let's maybe hold this so that you can include the onyx upgrade in it too? |
|
That's a great point. I'll wait for the onyx one to get deployed and then retest this. 👍 |
Luke9389
changed the title
roryabraham
changed the title
|
Looks like this change made in Onyx:
Is already available in Expensify.cash. I'm going hold this other PR on this one. |
|
Yea, I updated Onyx on monday before I was OOO today. Retesting this now |
|
Retested on all 5 and it's lookin good. We need to be clever about when this gets merged. It'd be bad if another PR using the wrong lodash package got merged right before this one. For this reason, I think it's best to reassign the reviewer role to someone in my time-zone, so we can be sure to merge this at the right moment. @tgolen or @roryabraham Would either of you be willing to swap in for @Gonals and become the reviewer of this PR? |
|
Yeah, I don't mind reviewing and merging this. It looks fine! |
3 participants
This PR is on [HOLD] pending the deployment of this PR.
cc @tgolen
Details
Rather than using individual packages for each lodash method, we are using the main lodash package and selectively loading the methods we need (using this handy syntax:
lodash/orderby)Fixed Issues
Fixes https://github.com/Expensify/Expensify/issues/157894Tests
Our testing method for this is admittedly a bit primitive; comb the site looking for errors/broken stuff.
Tested On