chore(DGHT-287): Fix Dependabot alerts #5463

Merged
merged 15 commits into from
Dec 9, 2024
5 changes: 5 additions & 0 deletions .changeset/eight-worms-clean.md
@@ -0,0 +1,5 @@
---
'@talend/ui-playground-vite': patch
---

Fix Dependabot alerts
11 changes: 11 additions & 0 deletions .changeset/tricky-cobras-fold.md
@@ -0,0 +1,11 @@
---
'@talend/scripts-config-storybook-lib': minor
'@talend/design-system': minor
'@talend/react-cmf-router': minor
'@talend/react-containers': minor
'@talend/react-cmf': minor
'@talend/scripts-publish-local': patch
'@talend/scripts-locales': patch
---
Member Author

For packages with a major dependency upgrade, I use a minor changeset.
For packages with a patch dependency upgrade, I use a patch changeset.


Fix Dependabot alerts
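Review bot: The `minor` level on '@talend/react-cmf' and '@talend/react-cmf-router' is too low if the `path-to-regexp` jump from `^3.3.0` to `^8.2.0` changes which route patterns those packages accept from their consumers. Either confirm that patterns accepted before the upgrade still match the same paths and say so in the changeset body, or release those two packages as `major`. The body `Fix Dependabot alerts` should also name the dependencies that moved a major version, since this text is what ends up in the changelog.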
4 changes: 2 additions & 2 deletions package.json
@@ -1,12 +1,12 @@
{
"devDependencies": {
"@changesets/cli": "^2.27.9",
"@changesets/cli": "^2.27.10",
"@talend/scripts-config-babel": "^13.5.0",
"@talend/scripts-config-prettier": "^12.2.0",
"@talend/scripts-core": "^16.5.1",
"@talend/scripts-yarn-workspace": "^2.1.0",
"cross-env": "^7.0.3",
"cross-spawn": "^7.0.3",
"cross-spawn": "^7.0.6",
"eslint": "^8.57.1",
"husky": "^8.0.3",
"i18next-scanner": "^4.6.0",
Expand Down
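Review bot: The `cross-spawn` line does not by itself show that the alert is fixed: `^7.0.3` already allowed 7.0.6, so what matters is the version the lock file resolves. Check the lock file for any remaining `cross-spawn` entry below 7.0.6 pulled in by another package, for example with `yarn why cross-spawn`, the same way the `path-to-regexp` 6.x entry was traced in this PR's discussion. The same applies to the `@changesets/cli` floor change.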
2 changes: 1 addition & 1 deletion packages/cmf-router/package.json
Expand Up @@ -29,7 +29,7 @@
"connected-react-router": "^6.9.3",
"history": "^5.3.0",
"lodash": "^4.17.21",
"path-to-regexp": "^3.3.0",
"path-to-regexp": "^8.2.0",
"prop-types": "^15.8.1",
"react-redux": "^7.2.9",
"react-router": "~6.3.0",
Expand Down
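Review bot: No source change under `packages/cmf-router` is visible among the files shown, although `path-to-regexp` goes from `^3.3.0` to `^8.2.0` here and `packages/cmf/src/matchPath.js` needed a new import form and a new call signature for the same upgrade. Check every `path-to-regexp` import and call in cmf-router for the old default import and the `(pattern, keys, options)` call, or drop the dependency from this package if nothing imports it.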
2 changes: 1 addition & 1 deletion packages/cmf/package.json
Expand Up @@ -52,7 +52,7 @@
"invariant": "^2.2.4",
"lodash": "^4.17.21",
"nested-combine-reducers": "^1.2.2",
"path-to-regexp": "^3.3.0",
"path-to-regexp": "^8.2.0",
Collaborator

Be sure you have tested an existing CMF application with the router 🙏
There are unit tests that should be good, but we never know.
By the way, there is still a 6.0 in the lock file, so the security issue will stay. Do you know where it comes from?

Member Author

@yyanwang yyanwang Dec 5, 2024

Thanks for the comment!
I checked playground and vite-playground, which work fine.
Version 6 comes from multiple packages, but 6.3.0 is a "safe" version:

=> Found "path-to-regexp@6.3.0"
info Has been hoisted to "path-to-regexp"
info Reasons this module exists
   - "workspace-aggregator-8113ffd5-c4b4-4412-9f5c-5bcfa979cb8e" depends on it
   - Hoisted from "_project_#@talend#ui-playground-vite#vite-plugin-mock#path-to-regexp"
   - Hoisted from "_project_#@talend#react-containers#msw#path-to-regexp"
   - Hoisted from "_project_#@talend#react-bootstrap#sinon#nise#path-to-regexp"
 

"prop-types": "^15.8.1",
"react-immutable-proptypes": "^2.2.0",
"react-redux": "^7.2.9",
Expand Down
8 changes: 3 additions & 5 deletions packages/cmf/src/matchPath.js
Expand Up @@ -2,8 +2,7 @@
* Beware! Do not modify. Forked from react-router V4
* Will be available as a dependency
*/

import pathToRegexp from 'path-to-regexp';
import { pathToRegexp } from 'path-to-regexp';

const patternCache = {};
const cacheLimit = 10000;
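Review bot: The header comment still reads `Beware! Do not modify. Forked from react-router V4` directly above the import line that is modified. Update the comment to record that the file now diverges from the fork to support `path-to-regexp` 8, so the next reader does not assume it can be swapped for the upstream copy.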
Expand All @@ -15,9 +14,8 @@ const compilePath = (pattern, options) => {

if (cache[pattern]) return cache[pattern];

const keys = [];
const re = pathToRegexp(pattern, keys, options);
const compiledPattern = { re, keys };
const { regexp, keys } = pathToRegexp(pattern, options);
const compiledPattern = { re: regexp, keys };

if (cacheCount < cacheLimit) {
cache[pattern] = compiledPattern;
Expand Down
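Review bot: `options` is forwarded unchanged in `pathToRegexp(pattern, options)` while the library moves from 3.x to 8.x, and nothing here checks that the option names callers of `compilePath` pass are still recognised or that the entries in `keys` keep the fields the rest of the file reads. Add a unit test that runs the route patterns and options used by existing CMF applications through `compilePath` and asserts the same matches and parameter names as before the upgrade.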
2 changes: 1 addition & 1 deletion packages/containers/package.json
Expand Up @@ -77,7 +77,7 @@
"@testing-library/user-event": "^14.5.2",
"i18next": "^23.16.4",
"jest-in-case": "^1.0.2",
"msw": "^1.3.5",
"msw": "^2.6.6",
"prop-types": "^15.8.1",
"react": "^18.3.1",
"react-dom": "^18.3.1",
Expand Down
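Review bot: Only one handler migration (`AboutDialog.stories.js`) is visible for the `msw` jump from `^1.3.5` to `^2.6.6`. Search `packages/containers` for remaining `rest.get(...)` style handlers and `res(ctx.json(...))` resolvers in other stories and tests, since they use the 1.x form that this PR replaces in that one file.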
16 changes: 11 additions & 5 deletions packages/containers/src/AboutDialog/AboutDialog.stories.js
@@ -1,7 +1,7 @@
import { rest } from 'msw';
import { http, HttpResponse } from 'msw';

import Action from '../Action';
import AboutDialog from '.';
import Action from '../Action';

export default {
title: 'AboutDialog',
Expand All @@ -16,9 +16,9 @@ export const Default = () => (
Default.parameters = {
msw: {
handlers: [
rest.get('https://tdp.us.cloud.talend.com/api/version', (req, res, ctx) => {
return res(
ctx.json({
http.get('https://tdp.us.cloud.talend.com/api/version', () => {
return new HttpResponse(
JSON.stringify({
displayVersion: 'R2022-01',
services: [
{ versionId: '3.33.0-4.13.1', buildId: '5759adb-4022e15', serviceName: 'API' },
Expand All @@ -36,6 +36,12 @@ Default.parameters = {
{ versionId: '10.1.0', buildId: 'a849f4f', serviceName: 'Semantic Types Producer' },
],
}),
{
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
},
},
);
}),
],
Expand Down
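Review bot: The added `'Access-Control-Allow-Origin': '*'` header needs a stated reason or should be removed. This is a Storybook mock handler, so the wildcard has no effect outside the story, but mock handlers get copied; add a comment saying why the story requires it, or drop it if the story loads without it. The hand-built `new HttpResponse(JSON.stringify(...), { headers })` could also be written with `HttpResponse.json(...)` from msw 2, which sets the JSON content type itself and makes the manual `'Content-Type'` entry unnecessary.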
2 changes: 1 addition & 1 deletion packages/design-system/package.json
Expand Up @@ -94,7 +94,7 @@
"@types/react-dom": "^18.3.1",
"@types/react-transition-group": "^2.9.2",
"@types/react-virtualized": "^9.21.30",
"browser-sync": "^2.29.3",
"browser-sync": "^3.0.3",
"browser-sync-webpack-plugin": "^2.3.0",
"concurrently": "^8.2.2",
"core-js": "^3.38.1",
Expand Down
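Review bot: `browser-sync-webpack-plugin` stays at `^2.3.0` on the line right after `browser-sync` moves to `^3.0.3`. Confirm that the plugin's peer dependency range accepts browser-sync 3 and that the design-system dev server still starts with this pair, and note the result in the PR.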
2 changes: 1 addition & 1 deletion packages/playground-vite/package.json
Expand Up @@ -36,7 +36,7 @@
"copy-webpack-plugin": "^11.0.0",
"cross-env": "^7.0.3",
"esbuild-plugin-react-virtualized": "^1.0.4",
"express": "^4.21.1",
"express": "^4.21.2",
"i18next-http-backend": "^1.4.5",
"mockjs": "^1.1.0",
"sass": "^1.80.5",
Expand Down
2 changes: 1 addition & 1 deletion packages/playground/package.json
Expand Up @@ -33,7 +33,7 @@
"compression": "^1.7.4",
"copy-webpack-plugin": "^11.0.0",
"cross-env": "^7.0.3",
"express": "^4.21.1",
"express": "^4.21.2",
"i18next-http-backend": "^1.4.5",
"webpack": "^5.95.0"
},
Expand Down
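Review bot: No changeset entry shown on this page corresponds to `packages/playground`, although it gets the same `express` bump from `^4.21.1` to `^4.21.2` as `packages/playground-vite`, which is covered by `.changeset/eight-worms-clean.md`. If the playground package is published, add a patch entry for it; if it is private, nothing more is needed.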