Page MenuHomePhabricator
Differential D3861

[keyserver] Bump `geoip-lite` to `1.4.5`
ClosedPublic
Actions

Authored by atul on Apr 27 2022, 8:32 AM.
Tags
None
Referenced Files
F2778978: D3861.id12271.diff
Fri, Sep 20, 8:29 AM
F2778968: D3861.id11994.diff
Fri, Sep 20, 8:25 AM
F2778966: D3861.id12269.diff
Fri, Sep 20, 8:24 AM
F2778954: D3861.id12268.diff
Fri, Sep 20, 8:22 AM
F2776952: D3861.diff
Fri, Sep 20, 6:31 AM
Unknown Object (File)
Mon, Sep 9, 5:45 PM
Unknown Object (File)
Mon, Sep 9, 5:45 PM
Unknown Object (File)
Mon, Sep 9, 5:45 PM
View All Files
Subscribers
abosh
adrian
karol

Details

Reviewers
jacek
tomek
ashoat
Commits
rCOMM4826e95db224: [keyserver] Bump `geoip-lite` to `1.4.5`
Summary

Downstream dependencies have issues surfaced by yarn audit

The repo doesn't have release notes, but skimmed through commits since 1.4.0 and there don't seem to be any breaking changes.

Depends on D3859

Test Plan

CI

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

atul created this revision.Apr 27 2022, 8:32 AM
Herald added subscribers: abosh, karol, adrian. · View Herald TranscriptApr 27 2022, 8:32 AM
atul added a comment.Apr 27 2022, 8:33 AM

(As of this diff, we've gone from 73 to 50 vulnerabilities according to yarn audit)

Harbormaster returned this revision to the author for changes because remote builds failed.Apr 27 2022, 8:35 AM
Harbormaster failed remote builds in B8609: Diff 11993!
atul edited the summary of this revision. (Show Details)Apr 27 2022, 8:45 AM
atul added a parent revision: D3860: [yarn] Bump transitive dependencies of `react-native-vector-icons`.
atul removed a parent revision: D3859: [yarn] Bump `clang-format` to `1.7.0`.
atul updated this revision to Diff 11994.Apr 27 2022, 9:13 AM

rebase

Harbormaster completed remote builds in B8610: Diff 11994.Apr 27 2022, 9:18 AM
atul requested review of this revision.Apr 27 2022, 9:18 AM
atul edited the summary of this revision. (Show Details)Apr 27 2022, 10:15 AM
atul added a parent revision: D3859: [yarn] Bump `clang-format` to `1.7.0`.
atul removed a parent revision: D3860: [yarn] Bump transitive dependencies of `react-native-vector-icons`.
atul added a child revision: D3863: [native] Bump `@react-navigation/native` to `5.9.8`.Apr 27 2022, 1:54 PM
ashoat accepted this revision.Apr 27 2022, 2:40 PM

Can you also test wherever we use geoip-lite to make sure it still works as expected? You can do this with cd keyserver && yarn update-geoip, but you'll need to create a keyserver/secrets/geoip_license.json file first.

comm@server:/var/www/comm$ cat keyserver/secrets/geoip_license.json
{
  "key": "SECRET_KEY_HERE_GET_THIS_FROM_ONE_PASSWORD"
}
This revision is now accepted and ready to land.Apr 27 2022, 2:40 PM
atul added a comment.Apr 28 2022, 12:35 PM
In D3861#107715, @ashoat wrote:

Can you also test wherever we use geoip-lite to make sure it still works as expected? You can do this with cd keyserver && yarn update-geoip, but you'll need to create a keyserver/secrets/geoip_license.json file first.

comm@server:/var/www/comm$ cat keyserver/secrets/geoip_license.json
{
  "key": "SECRET_KEY_HERE_GET_THIS_FROM_ONE_PASSWORD"
}

Yeah I'll give that a go. Thanks for the clear instructions, I don't have any context on geoip-lite.

Don't have access to 1Password at the moment (don't have work machine), but will test and land once I'm back.

atul added a comment.EditedMay 5 2022, 3:53 AM
In D3861#107715, @ashoat wrote:

Can you also test wherever we use geoip-lite to make sure it still works as expected? You can do this with cd keyserver && yarn update-geoip, but you'll need to create a keyserver/secrets/geoip_license.json file first.

comm@server:/var/www/comm$ cat keyserver/secrets/geoip_license.json
{
  "key": "SECRET_KEY_HERE_GET_THIS_FROM_ONE_PASSWORD"
}

Getting the following, it's not exiting and there's no indication it succeeded:

0f7a.png (572×1 px, 155 KB)

edit: added some logging in update-geo-db.js and node_modules/geo-ip/scripts/updatedb.js to try to diagnose... but by time I got back to terminal it looks like it completed. took like 120 seconds which was longer than I'd expect w/o context

atul updated this revision to Diff 12268.May 5 2022, 4:29 AM

rebase before landing (after testing)

atul updated this revision to Diff 12269.May 5 2022, 4:31 AM

dedupe

Harbormaster completed remote builds in B8803: Diff 12268.May 5 2022, 4:34 AM
Harbormaster completed remote builds in B8804: Diff 12269.May 5 2022, 4:41 AM
Closed by commit rCOMM4826e95db224: [keyserver] Bump `geoip-lite` to `1.4.5` (authored by atul). · Explain WhyMay 5 2022, 4:45 AM
This revision was automatically updated to reflect the committed changes.
atul added a commit: rCOMM4826e95db224: [keyserver] Bump `geoip-lite` to `1.4.5`.

Revision Contents
Changeset List

PathSize
keyserver/
2 lines
76 lines

Diff 12271

View Options

keyserver/package.json

Loading...
View Options

yarn.lock

Loading...