Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update packages to resolve package security audits #17

Merged
merged 2 commits into from
Oct 1, 2024
Merged

chore: update packages to resolve package security audits #17

merged 2 commits into from
Oct 1, 2024

Conversation

innerdvations
Copy link
Contributor

What does it do?

Updates a myriad of packages to fix

CVE-2024-4068 (braces)
CVE-2024-31207 (vite)
CVE-2024-4067 (micromatch)

Why is it needed?

security

How to test it?

everything should still work

Related issue(s)/PR(s)

@innerdvations innerdvations added the pr: security Security specific fixes label Sep 26, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 26, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 73710cd

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@innerdvations
Copy link
Contributor Author

innerdvations commented Sep 26, 2024
edited
Loading

Does anyone know if these upgrades will potentially affect the linting/prettier downstream? If so, this might need to be a major version bump. If not, it can just be a patch.

I might release it as a beta so we can test

Convly
Convly previously approved these changes Sep 26, 2024
View reviewed changes
Copy link
Member

@Convly Convly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, I'm only curious about whether it'll impact the prettier formatting in the types generation 🤔

Did you notice any differences?

@alexandrebodin
Copy link
Member

it doesn't run any eslint for the user. just reads the tsconfig.

I think it's using prettier for some stuff so might be worth check what exactly

Bassel17
Bassel17 previously approved these changes Sep 27, 2024
View reviewed changes
@innerdvations
Copy link
Contributor Author

Released @strapi/[email protected] to test this directly in @strapi/strapi and make sure nothing breaks

@innerdvations
Copy link
Contributor Author

innerdvations commented Oct 1, 2024
edited
Loading

For anyone who wants to check, I released experimental @strapi/strapi 0.0.0-experimental.1610404a03d98b65f497f9adda35815021b8fd76 that uses this PR as the version of @strapi/pack-up and it works with no side effects 🎉

So I'll merge and release this as a patch tomorrow since it doesn't cause any change other than the pack-up internals

@innerdvations innerdvations dismissed stale reviews from Bassel17 and Convly via 73710cd October 1, 2024 14:19
@innerdvations innerdvations merged commit 79b143d into main Oct 1, 2024
3 checks passed
@innerdvations innerdvations deleted the chore/upgrades-for-cves branch October 1, 2024 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexandrebodin alexandrebodin alexandrebodin approved these changes

@Bassel17 Bassel17 Bassel17 left review comments

@Convly Convly Convly left review comments

@remidej remidej Awaiting requested review from remidej

@jhoward1994 jhoward1994 Awaiting requested review from jhoward1994

Assignees
No one assigned
Labels
pr: security Security specific fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@innerdvations @alexandrebodin @Convly @Bassel17