React: Update babel dependencies to fix sandbox creation #22824

Merged
merged 8 commits into from
May 28, 2023

ndelangen
Member

No description provided.

@ndelangen ndelangen changed the title from "WIP - fixing sandboxes" to "Build: update babel dependencies to fix sandbox creation" May 27, 2023
@ndelangen ndelangen self-assigned this May 27, 2023
@ndelangen ndelangen requested a review from chakAs3 May 27, 2023 18:10
@ndelangen ndelangen added the "build" (Internal-facing build tooling & test updates) label May 27, 2023
@ndelangen ndelangen marked this pull request as ready for review May 27, 2023 18:12
@chakAs3
Contributor

chakAs3 commented May 27, 2023

Thanks @ndelangen ❤️ I will merge it

@chakAs3 chakAs3 self-requested a review May 27, 2023 19:23
@ndelangen
Member Author

Running into svelte check issues.

I have no idea how to resolve that.

@chakAs3
Contributor

chakAs3 commented May 27, 2023

I'm checking out your PR, I will give it a shot with svelte

@ndelangen
Member Author

Thank you @chakAs3 that would be appreciated!

We can try to work out what got updated that makes it break; perhaps there are now multiple versions of a package that we had only 1 of before?

Or we can try to work out what's wrong and fix it.

@socket-security

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore svelte-preprocess@5.0.4

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| svelte-preprocess@5.0.4 (upgraded) | postinstall | code/renderers/svelte/package.json via svelte-check@3.4.3 |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 1 issue |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Shell access | ✅ 0 issues |
| Uses eval | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| GitHub dependency | ✅ 0 issues |
| New author | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| svelte-check@3.4.3 | 2.10.3...3.4.3 | None | +2/-3 | svelte-language-tools-deploy |

@ndelangen
Member Author

Thank you for helping get this over the line on your weekend @kasperpeulen @chakAs3 🙏

@ndelangen ndelangen merged commit fc3b4b7 into next May 28, 2023
@ndelangen ndelangen deleted the norbert/fix-sandbox branch May 28, 2023 14:40
Member

@shilman shilman left a comment

@ndelangen this updates a bunch of user-facing code, so it should NOT be labeled as build, which is for internal build-only changes.

@shilman shilman added the "maintenance" (User-facing maintenance tasks) label and removed the "build" (Internal-facing build tooling & test updates) label May 29, 2023
@shilman shilman changed the title from "Build: update babel dependencies to fix sandbox creation" to "React: Update babel dependencies to fix sandbox creation" May 29, 2023
@ndelangen
Member Author

OK that's fair @shilman
