Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reimplement undo/redo history to fix security warnings #283

Merged
merged 4 commits into from
Dec 11, 2023
Merged

Reimplement undo/redo history to fix security warnings #283

merged 4 commits into from
Dec 11, 2023

Conversation

chrisvxd
Copy link
Member

@chrisvxd chrisvxd commented Dec 8, 2023
edited
Loading

Blocked by #265

Description

This PR refactors the undo/redo history to avoid event listeners, fixing some security issues and streamlining how the history is stored.

This reimplementation will also make it easier to expose the undo/redo history to users via the usePuck hook added in #265.

Background

The @measured/puck package is currently experiencing security warnings via socket.dev.

These are caused by the es5-ext library, which includes:

es5-ext was introduced during #23 due to the usage of the event-emitter package.

@vercel Vercel
Copy link

vercel bot commented Dec 8, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
puck-demo ✅ Ready (Inspect) Visit Preview 💬 Add feedback Dec 11, 2023 7:02pm
puck-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Dec 11, 2023 7:02pm

@chrisvxd chrisvxd changed the base branch from main to composable-puck December 11, 2023 15:08
@chrisvxd chrisvxd mentioned this pull request Dec 11, 2023
Closed
Base automatically changed from composable-puck to main December 11, 2023 18:45
@chrisvxd chrisvxd merged commit d636605 into main Dec 11, 2023
4 checks passed
@chrisvxd chrisvxd deleted the fix-security-warnings branch December 11, 2023 19:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chrisvxd