Skip to content

Update dependencies [SYNTH-145]#1331

Draft
rutmanz wants to merge 1 commit into
devfrom
zachr/145/update-deps
Draft

Update dependencies [SYNTH-145]#1331
rutmanz wants to merge 1 commit into
devfrom
zachr/145/update-deps

Conversation

@rutmanz

@rutmanz rutmanz commented Jun 19, 2026

Copy link
Copy Markdown
Member

Task

SYNTH-145

Symptom

Security audit is angry and we're using a bunch of outdated libraries because they haven't been updated since last summer.

Solution

Updated deps and used overrides for packages that depend on insecure versions of other packages. Then had to spend a bunch of time identifying and fixing code that fell victim to breaking changes.

Important

Everything is currently failing due to something with the mui packaging and I don't know why. It looks like there is an open issue about this on vite but I downgraded the vite version and it didn't get fixed. Will continue to investigate.

Verification


Before merging, ensure the following criteria are met:

  • All acceptance criteria outlined in the ticket are met.
  • Necessary test cases have been added and updated.
  • A feature toggle or safe disable path has been added (if applicable).
  • User-facing polish:
    • Ask: "Is this ready-looking?"
  • Cross-linking between Jira and GitHub:
    • PR links to the relevant Jira issue.
    • Jira ticket has a comment referencing this PR.

@rutmanz rutmanz self-assigned this Jun 19, 2026
@rutmanz rutmanz added the dependencies Pull requests that update a dependency file label Jun 19, 2026
@0xda157

0xda157 commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Maybe we adopt dependabot or similar so we aren't upgrading everything at once (which is very likely to cause regressions)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants