Bump cross-spawn to fix audit #2349

Merged
merged 1 commit into from
Nov 19, 2024
@r100-stack r100-stack commented Nov 19, 2024

Changes

Fixes GHSA-3xgq-45jj-v275.

Ran pnpm audit --fix, then ran pnpm i to update the lockfile, and then manually deleted the package.json overrides.

However, the audit was still failing. Upon investigating, it was coming from one of the nested dependencies of @itwin/itwinui-react's @swc/cli dependency. So, I bumped @swc/cli too since I didn't find any big changes in their changelog. I then confirmed that it fixed the audit.

Testing

  • Confirm pnpm audit passes (run)
  • [ ] Confirm build passes
    • Noticed that build for website is failing, even in the current main. So deemed it unrelated and added it as an after PR TODO.
  • Confirm CI passes
  • Confirm that esm and cjs build outputs are the same. E.g. tested for Table.js

Docs

Didn't add a changeset since I didn't think a bump in cross-spawn was important enough to warrant a changeset. Can add one if reviewers feel otherwise.

After PR TODOs:

  • See why build of website is failing

    Error
    website:build:  generating static routes 
    website:build: λ /_astro/ec.dy9ns.js
    website:build:   └─ /_astro/ec.dy9ns.js (+3ms)
    website:build: λ /_astro/ec.ulvux.css
    website:build:   └─ /_astro/ec.ulvux.css (+1ms)
    website:build: ▶ src/pages/docs/components.astro
    website:build:   └─ /docs/components/index.html (+43ms)
    website:build: ▶ src/pages/docs/[...slug].astro
    website:build:   ├─ /docs/alert/index.htmlCannot find package '/iTwinUI/apps/website/node_modules/outdent/package.json' imported from /iTwinUI/apps/website/dist/chunks/UnstableApiCard_DAd-Wouo.mjs
    website:build: Did you mean to import outdent/lib/index.js?
    website:build:   Stack trace:
    website:build:     at legacyMainResolve (node:internal/modules/esm/resolve:214:26)
    website:build:     at moduleResolve (node:internal/modules/esm/resolve:910:20)
    website:build:     at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:396:12)
    website:build:     at ModuleLoader.getModuleJob (node:internal/modules/esm/loader:240:38)
    website:build:     at link (node:internal/modules/esm/module_job:84:36)
    website:build:  ELIFECYCLE  Command failed with exit code 1.
    website:build: ERROR: command finished with error: command (/iTwinUI/apps/website) /usr/local/bin/pnpm run build exited (1)
    website#build: command (/iTwinUI/apps/website) /usr/local/bin/pnpm run build exited (1)
    

@r100-stack r100-stack self-assigned this Nov 19, 2024
@r100-stack r100-stack marked this pull request as ready for review November 19, 2024 20:11
@r100-stack r100-stack requested a review from a team as a code owner November 19, 2024 20:11
@r100-stack r100-stack requested review from mayank99 and smmr-dn and removed request for a team November 19, 2024 20:11
@r100-stack r100-stack merged commit c9872e1 into main Nov 19, 2024
18 checks passed
@r100-stack r100-stack deleted the r/audit-3 branch November 19, 2024 20:57
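
The investigation step in the PR description (finding which dependency still pulls in the audited `cross-spawn`) can be scripted. The following is an added example, not code from this PR or the iTwinUI repository. It assumes an npm-v6-style audit JSON report (an `advisories` map whose entries list `findings[].paths` as `>`-separated chains); the sample report, `hypothetical-nested-dep` and `hypothetical-tool` are constructed.

```javascript
// Constructed sample report. ASSUMPTION: npm-v6-style audit JSON, where each
// advisory lists findings[].paths as ">"-separated dependency chains.
// "hypothetical-nested-dep" and "hypothetical-tool" are made-up package names.
const sampleReport = {
  advisories: {
    "1": {
      module_name: "cross-spawn",
      github_advisory_id: "GHSA-3xgq-45jj-v275",
      findings: [
        { paths: [
          "@itwin/itwinui-react>@swc/cli>hypothetical-nested-dep>cross-spawn",
          "@itwin/itwinui-react>@swc/cli>hypothetical-nested-dep>other-dep>cross-spawn",
        ] },
        { paths: ["website>hypothetical-tool>cross-spawn"] },
      ],
    },
  },
};

// Returns one entry per (advisory, importer, direct dependency) with the number
// of chains that reach the vulnerable module through that direct dependency.
function traceAdvisories(report) {
  const byKey = new Map();
  for (const adv of Object.values(report.advisories ?? {})) {
    for (const finding of adv.findings ?? []) {
      for (const path of finding.paths ?? []) {
        const hops = path.split(">").map((h) => h.trim()).filter(Boolean);
        if (hops.length < 2) continue; // need an importer and at least one package
        const [importer, direct] = hops;
        const key = `${adv.github_advisory_id}|${importer}|${direct}`;
        const entry = byKey.get(key) ?? {
          advisory: adv.github_advisory_id, module: adv.module_name,
          importer, direct, chains: 0,
          // true when the vulnerable module is not itself the direct dependency
          transitive: direct !== adv.module_name,
        };
        entry.chains += 1;
        byKey.set(key, entry);
      }
    }
  }
  // Direct dependencies responsible for the most chains come first.
  return [...byKey.values()].sort((a, b) => b.chains - a.chains);
}

for (const e of traceAdvisories(sampleReport)) {
  const kind = e.transitive ? "transitive" : "direct";
  console.log(`${e.advisory} ${e.module}: ${e.importer} -> ${e.direct} (${kind}, ${e.chains} chain(s))`);
}
```

An entry marked transitive names the direct dependency to bump, which is the route this PR took with `@swc/cli`.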