Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes dependency vulnerabilities #1475

Merged
merged 2 commits into from
Oct 1, 2024
Merged

Fixes dependency vulnerabilities #1475

merged 2 commits into from
Oct 1, 2024

Conversation

duranb
Copy link
Collaborator

@duranb duranb commented Sep 25, 2024

No description provided.

@duranb duranb added the maintenance A dependency update label Sep 25, 2024
@duranb duranb requested a review from a team as a code owner September 25, 2024 16:54
Copy link
Collaborator

@dandelany dandelany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@duranb your changes look good to me, but I added some additional commits that need a 👍 from you as well. details:

  • @duranb 's initial changes were meant to address the vulnerability warning you get when running npm install
  • I added a few more commits to get the security scan part of our Publish action working again, specifically:
    • upgraded Vite 5.4.6 -> 5.4.8 (didn't help but kept it)
    • upgraded our esbuild dep to ^0.24.1
    • forced Vite to use the same version of esbuild for its sub-dependency using overrides - this is what was causing the security scan error. In a future release they will update this on their side & we can remove the override.
    • Confirmed that this gets the security scan to pass

Lmk if you have any concerns... looks like Vite is upgrading shortly anyway but not released yet.

@duranb duranb force-pushed the refactor/update-deps branch from d8796a5 to 117131c Compare October 1, 2024 20:05
@duranb duranb merged commit 654c2e0 into develop Oct 1, 2024
5 checks passed
@duranb duranb deleted the refactor/update-deps branch October 1, 2024 20:16
JosephVolosin pushed a commit that referenced this pull request Oct 21, 2024
* update vite, esbuild deps, override vite to use esbuild 0.24 due to security scan

---------

Co-authored-by: dandelany <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
maintenance A dependency update
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants