From ff39a91b2c224431ccd195d96245b46fb890bf3b Mon Sep 17 00:00:00 2001 From: Chris Kipp Date: Sun, 29 May 2022 10:16:19 +0200 Subject: [PATCH] dep: bump scalajs to 1.10.0 NOTE: We do add in https://github.com/scala-js/scala-js-fake-insecure-java-securerandom. You can see the full context to why here: https://github.com/scala-js/scala-js/security/advisories/GHSA-j2f9-w8wh-9ww4. However, we don't use this for anything sensitive here, but rather just the generation of non user facing unique ids by the invoker. I've included this temporary just to bump, and will address at a later time. --- build.sbt | 9 ++++++++- project/plugins.sbt | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/build.sbt b/build.sbt index 06b40cf8..9dbb9b50 100644 --- a/build.sbt +++ b/build.sbt @@ -120,7 +120,14 @@ lazy val runtime = CrossProject( Test / fork := true ) .jsSettings( - scalaJSStage := FastOptStage + scalaJSStage := FastOptStage, + // While not exactlu ideal, this is only used in the invoker to assign a + // unique id to ensure measurements have unique ids. It's never exposed to + // the user and doesn't touch anything sensitve, so we should have no + // issues here. Still, I don't like having this, so we should try to + // replace it. + libraryDependencies += ("org.scala-js" %%% "scalajs-fake-insecure-java-securerandom" % "1.0.0") + .cross(CrossVersion.for3Use2_13) ) lazy val `runtimeJVM` = runtime.jvm diff --git a/project/plugins.sbt b/project/plugins.sbt index dadb4902..54d4cc8d 100644 --- a/project/plugins.sbt +++ b/project/plugins.sbt @@ -1,4 +1,4 @@ -addSbtPlugin("org.scala-js" % "sbt-scalajs" % "1.8.0") +addSbtPlugin("org.scala-js" % "sbt-scalajs" % "1.10.0") addSbtPlugin("org.portable-scala" % "sbt-scalajs-crossproject" % "1.1.0") addSbtPlugin("com.github.sbt" % "sbt-ci-release" % "1.5.10")